On 06.10.2008 23:18, Jimmy Spam wrote: > The kind of this attack is open multiple smtp sessions for send spam to > local domains from thousand of different ip's. > > I can't block any port because I need keep on the smtp service. I have > blocked many bad ip's, but it's useless, thousand of new ip's continue > connecting to my server each day... > > I think that even if I was able to close connections in real time, my > server was also overload, because the socket takes some time to be > completely closed and available for new connections. > > I'm fucked. :-( > > >> Without knowing the kind of ddos attack there is no way to fight against >> it. >> Please check your logs to find out on which port(s) the attack was. >> >> I use fail2ban script to block password bruteforce attacks. >> >> Best regards >> Christoph >> >> Jimmy Spam schrieb: >> >>> Hi friends, >>> >>> I'm suffering a DDoS attack since some days ago. I'm becoming mad!!, I >>> can't block it. Block by ip is useless. >>> >>> bastards spammers of hell...!! >>> It may help to block with blacklists (i.e. zen.spamhaus.org), additionally it may help to block IPs without reverse DNS.
I am not sure if this is really a DDoS, its sounds more like daily life for any SMTP server these days. We currently have 3.7 percent of legitimate mail traffic on our servers. 96.3 percent is junk. The blacklists and reverse DNS checks let us drop 91.9 percent of the connections before SMTP really starts. So our servers have to deal with only 8% of the connections. Your mileage may vary. Regards Alain Wolf
