Vintinner, M. Scott wrote:
One of our very important clients (a major bank), is having ongoing
problems with denial-of-service style dictionary SPAM attacks. Their
anti-spam/firewall teams are slow to respond to these outbreaks, so
there may be periods of several hours where we will get frequent
connection refused messages as their resources are overloaded.
As you know, the "cool-off" period in Postfix extends the retry delay of
messages in the deferred queue from an initial time of
$minimal_backoff_time to the maximum of $maximal_back_off time. So with
the default configuration, my postfix server would try to deliver the
message at 0/300/600/1200/2400, and eventually only trying every 4000
seconds (~66 min).
Is there any chance you could get them to try installing something like
fail2ban, which can block connections from IPs that are doing the
dictionary attacks?
Trying to fix postfix to handle a DOS attack would seem to be more
difficult than preventing it in the first place.
Terry
