Re: protecting mail server from DOS
On Tue, Feb 17, 2004 at 12:25:17AM -0700, Lucas Albers wrote:
> Just recently I had my mail server swamped by a single virus machine
> that kept resending a virus message, ignoring my 5xx rejection code.
>
> Is it possbile to block this via an iptables smtp max connection
> throttle code?
>
> How do you handle this?
> Via iptables?, or via qmail/postfix/exim/sendmail internal coding?
>
> Does anyone else encounter this problem on a regular basis?
> How do you solve this?
I haven't tried any of this, but search for "tarpit" on google.
Here are some links that might be helpful:
http://www.securityfocus.com/infocus/1723
http://www.hackbusters.net/LaBrea.html
http://www.palomine.net/qmail/tarpit.html
If there is one particular machine you want to slow down/block, why not
just block it completely from sending mail until it's fixed? The owner
of the machine is likely to notice the problem more quickly if he/she
can't send mail at all.
--
Michael Wood <mwood@its.uct.ac.za>
Reply to: