
smtp server, hammered to death?



Hey there, I don't know where to put this, so I thought that debian-user
would be best.

I recently read a great article on debianplanet, that was about how to
set up a courier/exim (imap / smtp) server. Everything worked out fine,
until after say a week.. then I heard one night, that the box started
working like a mad one. I checked, it had a load average above 50,00. So
I pulled the tcp cable.. the day after I saw in the logs what looked
like some mailservers had been using me as a relay or something .. so I
tightened the security up a lot with blocking all the
incoming/outgoing/forwarded traffic at my (local) gateway from that host's
mx:es.

Then I got my /var/log/exim/mainlog file filled with lines looking like:

2003-09-08 06:25:13 19w88k-0005Cw-00 == someone@host T=remote_smtp defer (110): Connection timed out

Where the host is always the same, and the someone differs..

In 8 hours my logs were about 50-100 MB filled with similar lines...
So I thought, "well I do a fresh install, and these things should go
away.."
I did, but no difference.

So I googled and asked around a bit on irc networks, and the idea someone
gave me was that I was getting probed from some spammer wanting me as
their relay or smtp-proxy..

Now my box doesn't work that hard anymore, but it's darn frustrating..
since the logs get huge in no time..

The courier setup seems to work perfectly, but it seems to be the smtp
that is the problem...
Has anyone stumbled into similar situations, and is there a way to get
rid of those "probes"?

Best regards!
/smurfd
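
Added example, not part of the original post: a small Python script that summarises the `==` (delivery deferred) lines of an Exim main log by recipient domain, showing how many distinct queued messages and recipients stand behind the repeated retries. The sample lines are constructed in the format quoted above; `host.example` and the other names are placeholders, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Exim main log line: date, time, message id, "==" (delivery deferred),
# recipient address, then fields such as T=<transport> and "defer (errno): reason".
DEFER_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<msgid>\S+) == (?P<rcpt>\S+)"
    r".*?\bT=(?P<transport>\S+) defer \((?P<errno>-?\d+)\): (?P<reason>.*)$"
)

# Constructed sample in the format quoted in the post (not real log data).
SAMPLE_LOG = """\
2003-09-08 06:25:13 19w88k-0005Cw-00 == someone@host.example T=remote_smtp defer (110): Connection timed out
2003-09-08 06:25:14 19w88m-0005Cy-00 == another@host.example T=remote_smtp defer (110): Connection timed out
2003-09-08 06:25:14 19w89a-0005D1-00 <= user@local.example H=localhost [127.0.0.1] P=esmtp S=812
2003-09-08 06:40:02 19w88k-0005Cw-00 == someone@host.example T=remote_smtp defer (110): Connection timed out
2003-09-08 06:41:10 19w8zz-0005Dq-00 == bob@other.example T=remote_smtp defer (111): Connection refused
"""


def summarize_deferrals(lines):
    """Group deferred deliveries by recipient domain."""
    stats = defaultdict(lambda: {"lines": 0, "messages": set(),
                                 "recipients": set(), "reasons": set()})
    for line in lines:
        m = DEFER_RE.match(line.rstrip("\n"))
        if not m:
            continue  # arrivals, completed deliveries, wrapped or unrelated lines
        domain = m["rcpt"].rpartition("@")[2].lower()
        entry = stats[domain]
        entry["lines"] += 1                      # every retry logs one more line
        entry["messages"].add(m["msgid"])        # distinct messages still on the queue
        entry["recipients"].add(m["rcpt"].lower())
        entry["reasons"].add(f'{m["errno"]}: {m["reason"]}')
    return dict(stats)


def report(stats):
    """Rows of (domain, deferral lines, distinct messages, distinct recipients), busiest first."""
    rows = sorted(stats.items(), key=lambda kv: kv[1]["lines"], reverse=True)
    return [(d, s["lines"], len(s["messages"]), len(s["recipients"])) for d, s in rows]


if __name__ == "__main__":
    for row in report(summarize_deferrals(SAMPLE_LOG.splitlines())):
        print("%-20s deferrals=%d queued_messages=%d recipients=%d" % row)
```

A domain with many distinct message ids and recipients, as in the lines quoted in the post, indicates a backlog of queued messages for that destination being retried, rather than one message logged repeatedly.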


