Hi List, Some of our customers use our mailservers as antispam/antivirus gateway. So our server accepts mail, does some spam and virus checking and delivers the mail to a remote server. Of course I don't want to accept mail for non existing users so our mailserver verifies the recipient. So far so good. But when a spam run is started and our server receive over 100 messages per minute the final server wouldn't handle the verifies anymore and is responding:
[ID 197553 mail.info] NOQUEUE: reject: RCPT from smtp.zonder.com[64.244.96.100]: 450 4.1.1 <rerer...@example.com>: Recipient address rejected: unverified address: host xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx] refused to talk to me: 421 too many connections; from=<> to=<rerer...@example.com> proto=ESMTP helo=<pluto.vrocorp.com> Our server response to the spammer is 450. This response seems to stimulate spammers to do even more tries. Are there things I could do to stop this problem. Currently I'm blocking connections for 10 minutes with ipf that gave to many errors. But this still doesn't stop the spammers. === postconf -n: address_verify_map = btree:${data_directory}/verify alias_maps = hash:/opt/csw/etc/postfix/aliases body_checks = regexp:/opt/csw/etc/postfix/maps/body_checks broken_sasl_auth_clients = yes command_directory = /opt/csw/sbin config_directory = /etc/postfix content_filter = amavisfeed:localhost:10024 daemon_directory = /opt/csw/libexec/postfix data_directory = /opt/csw/var/lib/postfix default_database_type = hash delay_warning_time = 4h disable_vrfy_command = yes header_checks = regexp:/opt/csw/etc/postfix/maps/header_checks home_mailbox = Maildir/ html_directory = /opt/csw/share/doc/postfix/html inet_interfaces = all mailbox_command = /opt/csw/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME mailbox_size_limit = 0 mailq_path = /opt/csw/bin/mailq manpage_directory = /opt/csw/share/man maximal_backoff_time = 8000s maximal_queue_lifetime = 7d message_size_limit = 20971520 mime_header_checks = regexp:/opt/csw/etc/postfix/maps/mime_header_checks minimal_backoff_time = 1000s mydestination = $myhostname, localhost.$mydomain myhostname = stevie.youngguns.nl mynetworks_style = host myorigin = $myhostname newaliases_path = /opt/csw/bin/newaliases readme_directory = /opt/csw/share/doc/postfix/README_FILES receive_override_options = no_address_mappings recipient_delimiter = + relay_domains = slagenlandwonen.nl, wfcommunicatie.nl, gooischebrink.com, interjute.nl, melamo.nl, fair-play.nl, loopbaankamer.nl, ospl.nl, ospl.de, printcontrol.nl, dankers-schilderwerken.nl, promonta.nl, interim-denbosch.nl, vanherpt.biz relayhost = sample_directory = /opt/csw/share/doc/postfix/samples sendmail_path = /opt/csw/sbin/sendmail smtp_bind_address = 213.207.90.2 smtp_helo_timeout = 60s smtp_send_xforward_command = yes smtp_skip_quit_response = yes smtp_tls_loglevel = 1 smtp_tls_security_level = may smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_banner = $myhostname ESMTP smtpd_client_connection_count_limit = 10 smtpd_data_restrictions = reject_unauth_pipelining smtpd_delay_reject = yes smtpd_hard_error_limit = 12 smtpd_helo_required = yes smtpd_recipient_limit = 100 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_destination, reject_unverified_recipient, reject_non_fqdn_helo_hostname, reject_rbl_client virbl.dnsbl.bit.nl, check_policy_service inet:127.0.0.1:12525, check_client_access cidr:/opt/csw/etc/postfix/dnswl_header, check_client_access cidr:/opt/csw/etc/postfix/dnswl_permit, check_policy_service inet:127.0.0.1:10023 smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_soft_error_limit = 3 smtpd_tls_cert_file = /home/yghosting/ssl/secure-youngguns-nl.pem smtpd_tls_key_file = /home/yghosting/ssl/secure-youngguns-nl.key smtpd_tls_loglevel = 1 smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache soft_bounce = no tls_random_source = dev:/dev/urandom transport_maps = hash:/opt/csw/etc/postfix/transport unknown_address_reject_code = 550 unknown_hostname_reject_code = 550 unknown_local_recipient_reject_code = 550 unverified_recipient_reject_code = 550 virtual_alias_maps = hash:/opt/csw/etc/postfix/virtual