While I know it can be easy to simply block the host, I was wondering if there was some way to avoid the problem all together by potentially identifying hosts attempting to overload the server (Denial Of Service) by throttling down the amount of allowed inbound connections (from external sources) from a single host.


Yes.  Sendmail >=8.13.0 has several nice options.

FEATURE(`ratecontrol',`nodelay',`terminate')dnl
FEATURE(`conncontrol')dnl
define(`confCONNECTION_RATE_WINDOW_SIZE',`60')dnl


I was looking at those, in addition to the FEATURE(`greet_pause', <num>)..

The documentation on sendmail.org's site regarding greet_pause was just a step above non-existent. I didn't check the others (ratecontrol and conncontrol). Looking into them now.


I am the SysAdmin for an ISP here in Billings. I am unafraid of using these controls and they have really helped our situation. I limit 25 connections/sec, period. I also limit 3 connections from any one external host/min.


Just out of curiosity, how, exactly, are you limiting the connections per second and connections from external hosts/domains?

I occasionally get the "25" connections and deferring at that rate in my logs, but not enough to worry me and we handle ~200,000 emails a day. Adjust your connection/defer times accordingly to your normal load.

Have fun and knock them dead at the gate.


Thanks!

-Rich
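As an added illustration (not code from this thread and not sendmail's own implementation), the following Python replays a stream of inbound connection attempts through a per-host sliding window modelled on what ratecontrol does (3 connections per host per 60-second window, the figures given above) plus a global cap of 25 connections per second, and reports what would be deferred. Replaying a day of real connection timestamps through it is one way to do the calibration the thread recommends before turning the limits on. All addresses and timestamps below are constructed; the counting rule (every attempt is counted in the window, whether accepted or deferred) is an assumption of this model, not a statement about sendmail's internals.

```python
"""Replay SMTP connection attempts through per-host and global rate limits.

Constructed example modelled on sendmail's ratecontrol idea: a client may open
at most N connections within a window of W seconds; attempts beyond that are
deferred. A second, global limit caps total connections per second.
"""
from collections import defaultdict, deque


def simulate(events, per_host_limit=3, host_window=60.0,
             global_limit=25, global_window=1.0):
    """Run connection attempts through the limits.

    events: iterable of (timestamp_seconds, client_ip) in time order.
    Returns a list of (timestamp, ip, decision, reason) tuples, where
    decision is "accept" or "defer".
    Assumption: every attempt counts toward the window, accepted or not,
    so a client that keeps retrying stays deferred.
    """
    per_host = defaultdict(deque)   # ip -> timestamps of recent attempts
    recent = deque()                # timestamps of all recent attempts
    decisions = []
    for ts, ip in events:
        q = per_host[ip]
        # Drop attempts that have aged out of the host window.
        while q and ts - q[0] >= host_window:
            q.popleft()
        # Drop attempts that have aged out of the global window.
        while recent and ts - recent[0] >= global_window:
            recent.popleft()
        q.append(ts)
        recent.append(ts)
        if len(q) > per_host_limit:
            decisions.append((ts, ip, "defer", "host rate"))
        elif len(recent) > global_limit:
            decisions.append((ts, ip, "defer", "global rate"))
        else:
            decisions.append((ts, ip, "accept", ""))
    return decisions


def summarize(decisions):
    """Count deferrals per host and per reason, for calibrating the limits."""
    deferred_by_host = defaultdict(int)
    by_reason = defaultdict(int)
    for _ts, ip, decision, reason in decisions:
        if decision == "defer":
            deferred_by_host[ip] += 1
            by_reason[reason] += 1
    return {"deferred_by_host": dict(deferred_by_host),
            "by_reason": dict(by_reason)}


def constructed_events():
    """Constructed sample traffic (documentation-range addresses).

    - 198.51.100.7: a normal relay, two connections a minute for three minutes
    - 203.0.113.5: an abusive host, ten connections in twenty seconds
    - 192.0.2.1-30: thirty distinct hosts all connecting within one second
    """
    events = []
    for minute in range(3):
        events.append((minute * 60.0, "198.51.100.7"))
        events.append((minute * 60.0 + 30.0, "198.51.100.7"))
    for i in range(10):
        events.append((5.0 + 2.0 * i, "203.0.113.5"))
    for i in range(30):
        events.append((100.0 + 0.01 * i, "192.0.2.%d" % (i + 1)))
    events.sort()
    return events


if __name__ == "__main__":
    result = simulate(constructed_events())
    for ts, ip, decision, reason in result:
        if decision == "defer":
            print("%7.2f %-14s defer (%s)" % (ts, ip, reason))
    print(summarize(result))
```

With these inputs the normal relay is never deferred, the abusive host gets its first three connections and is deferred for the remaining seven, and the thirty-host burst is cut off after twenty-five in that second. Lowering per_host_limit or global_limit and re-running against real traffic shows exactly which legitimate senders a tighter setting would start to defer.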
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
