
Re: protecting mail server from DOS



On Tue, Feb 17, 2004 at 12:25:17AM -0700, Lucas Albers wrote:
> Just recently I had my mail server swamped by a single virus machine
> that kept resending a virus message, ignoring my 5xx rejection code.
> 
> Is it possible to block this via an iptables smtp max connection
> throttle code?
> 
> How do you handle this?
> Via iptables, or via qmail/postfix/exim/sendmail internal coding?
> 
> Does anyone else encounter this problem on a regular basis?
> How do you solve this?

I haven't tried any of this, but search for "tarpit" on Google.

Here are some links that might be helpful:

http://www.securityfocus.com/infocus/1723
http://www.hackbusters.net/LaBrea.html
http://www.palomine.net/qmail/tarpit.html

If there is one particular machine you want to slow down/block, why not
just block it completely from sending mail until it's fixed?  The owner
of the machine is likely to notice the problem more quickly if he/she
can't send mail at all.

-- 
Michael Wood <mwood@its.uct.ac.za>
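
The suggestion above to block the one offending machine, as an added example that is not part of the original message: the script counts 5xx rejections per client in mail log lines and prints, without running them, iptables rules for clients at or over a threshold. The log lines are constructed in Postfix smtpd style, and the function names and the threshold are assumptions.

```shell
#!/bin/sh
# Added example: list SMTP clients that keep retrying after 5xx rejections
# and print (not run) iptables rules that block them on port 25.

# Constructed sample lines in Postfix smtpd style (an assumed log format);
# the addresses are from the documentation ranges.
sample_log() {
cat <<'EOF'
Feb 17 00:25:17 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 rejected
Feb 17 00:25:19 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 rejected
Feb 17 00:25:20 mx postfix/smtpd[812]: connect from mail.example.org[198.51.100.20]
Feb 17 00:25:21 mx postfix/smtpd[813]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.1 rejected
Feb 17 00:25:22 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 rejected
Feb 17 00:25:24 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 rejected
EOF
}

# offenders MIN: read log lines on stdin, print each client IP that received
# at least MIN 5xx rejections, sorted.
offenders() {
    awk -v min="$1" '
        / reject: / && match($0, /\[[0-9.]+\]: 5[0-9][0-9] /) {
            ip = substr($0, RSTART + 1)   # text after the opening bracket
            sub(/\].*/, "", ip)           # cut at the closing bracket
            count[ip]++
        }
        END { for (ip in count) if (count[ip] >= min) print ip }
    ' | sort
}

# block_rules: read IPs on stdin, print one DROP rule per IP for review.
block_rules() {
    while read -r ip; do
        printf 'iptables -I INPUT -s %s -p tcp --dport 25 -j DROP\n' "$ip"
    done
}

sample_log | offenders 3 | block_rules
```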