Lucas Albers wrote:
Just recently I had my mail server swamped by a single virus machine that kept resending a virus message, ignoring my 5xx rejection code. Is it possbile to block this via an iptables smtp max connection throttle code? How do you handle this? Via iptables?, or via qmail/postfix/exim/sendmail internal coding? Does anyone else encounter this problem on a regular basis? How do you solve this?
In cases like this where a machine is being extremely annoying/stubborn, I usually fire off an email to the tech contact of the netblock of the offending machine, then null route the IP at our border router. I put a comment in the access list that it's a temporary block, then I can remove it later on.
It's pretty rare for me to see a case like that. In the past, I most commonly did it for machines with brain-dead spamware that plugged away against my 550's.
Strange that your machine is seeing ill effects from one infected client. You may want to review your MTA settings to see if you're missing something.
--Rich