Hi!
I am doing what Alain does and seeing what Alain sees. :-) I agree with
Alain. For us the zen list is integrated at the qmail-queue level via
the QMAILQUEUE compile option and the qmailscanner alt qmail-queue.
Anything that makes it past that then gets passed to spamd, which updates
headers, and if the client likes, they can filter on those headers to go
directly to Trash ...
Jimmy
Alain Wolf wrote:
On 06.10.2008 23:18, Jimmy Spam wrote:
This kind of attack opens multiple SMTP sessions to send spam to
local domains from thousands of different IPs.
I can't block any port because I need to keep the SMTP service on. I have
blocked many bad IPs, but it's useless, thousands of new IPs continue
connecting to my server each day...
I think that even if I were able to close connections in real time, my
server would also be overloaded, because the socket takes some time to be
completely closed and available for new connections.
I'm fucked. :-(
Without knowing the kind of DDoS attack there is no way to fight against
it.
Please check your logs to find out on which port(s) the attack was.
I use the fail2ban script to block password brute-force attacks.
Best regards
Christoph
Jimmy Spam schrieb:
Hi friends,
I have been suffering a DDoS attack for some days. I'm going mad!! I
can't block it. Blocking by IP is useless.
Bastard spammers of hell...!!
It may help to block with blacklists (i.e. zen.spamhaus.org),
additionally it may help to block IPs without reverse DNS.
I am not sure if this is really a DDoS, it sounds more like daily life
for any SMTP server these days.
We currently have 3.7 percent of legitimate mail traffic on our servers.
96.3 percent is junk.
The blacklists and reverse DNS checks let us drop 91.9 percent of the
connections before SMTP really starts. So our servers have to deal with
only 8% of the connections. Your mileage may vary.
Regards
Alain Wolf
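
The pre-SMTP checks discussed in this thread (a zen.spamhaus.org lookup plus a reverse DNS check), sketched as an added example that is not part of the original messages or of any poster's setup. The function names, the injectable resolver arguments and the sample records are assumptions made for illustration; the handling of 127.0.0.x as listings and 127.255.255.x as error codes follows the usual DNSBL return-code convention.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"  # the blacklist named in the thread

def dnsbl_name(ip, zone=ZONE):
    """Query name: reversed IPv4 octets (or IPv6 nibbles) followed by the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def lookup_a(name):
    """A records for name via the system resolver; [] when it does not exist."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def lookup_ptr(ip):
    """Reverse DNS name for ip, or None when there is no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def check_client(ip, a=lookup_a, ptr=lookup_ptr):
    """Decide (action, reason) for a connecting client before SMTP starts."""
    answers = a(dnsbl_name(ip))
    listed = [r for r in answers if r.startswith("127.0.0.")]
    if listed:
        return "reject", "listed in " + ZONE + " (" + ",".join(listed) + ")"
    if ptr(ip) is None:
        return "reject", "no reverse DNS"
    # 127.255.255.x answers are DNSBL error codes (e.g. query refused), not
    # listings; rejecting on them would turn away every client.
    if any(r.startswith("127.255.255.") for r in answers):
        return "accept", "DNSBL returned an error code; check resolver setup"
    return "accept", "ok"

# Constructed sample data (documentation addresses), standing in for live DNS.
FAKE_A = {"99.2.0.192." + ZONE: ["127.0.0.4"], "7.2.0.192." + ZONE: ["127.255.255.254"]}
FAKE_PTR = {"192.0.2.7": "mail.example.org", "192.0.2.8": "mx.example.net"}

if __name__ == "__main__":
    for ip in ("192.0.2.99", "192.0.2.7", "192.0.2.8", "192.0.2.50"):
        print(ip, check_client(ip, lambda n: FAKE_A.get(n, []), FAKE_PTR.get))
```

Called with the default arguments, `check_client` performs live DNS queries through the system resolver; the stub resolvers above keep the demonstration offline.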