24x7server wrote:
> hi
>
> nowadays once every week or so we get an enormous number of spam hits which
> increases the number of concurrent incoming connections to around 250,
> causing too much load on server. reducing this figure means our clients
> suffer.
>
> normally concurrency incoming it is just 25 - 40 range.
>
> we are planning to use greylisting, searched and found quite a few websites
> providing patches
>
> a) can anybody point us to good working patch wherein we can have grey and
> whitelisting of ips known servers
>
> b) is there anybody who can share their experience using greylisting
> mechanism successfully with qmail toaster, problems faced by them if any.
>
> rajesh mahadevan
>

Here's a note that EE sent me a month or so ago:

> I remember you mentioning that you were interested in greylisting. You
> may want to check this out:
>
> http://thomas.mangin.me.uk/software/qmail-greylist.html
>
> Install instructions are simple:
> cd /var/qmail/bin ; wget http://thomas.mangin.me.uk/data/source/greyd ; chmod +x greyd
> mkdir /var/qmail/grey ; chown vpopmail.vchkpw /var/qmail/grey
>
> Add ',GREY=""' to the :allow statement at the bottom of
> /etc/tcprules.d/tcp.smtp
>
> Then change /var/qmail/supervise/smtp/run to look like this:
> #!/bin/sh
> QMAILDUID=`id -u vpopmail`
> NOFILESGID=`id -g vpopmail`
> MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
> BLACKLIST=`cat /var/qmail/control/blacklists`
> SMTPD="/var/qmail/bin/qmail-smtpd"
> GREYD="/var/qmail/bin/greyd"
> TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
> RBLSMTPD="/usr/bin/rblsmtpd"
> HOSTNAME=`hostname`
> VCHKPW="/home/vpopmail/bin/vchkpw"
>
> exec /usr/bin/softlimit -m 12000000 \
>     /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
>     -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
>     $GREYD $RBLSMTPD $BLACKLIST $SMTPD $VCHKPW /bin/true 2>&1

There have been a few posts on the list recently regarding this too.

Before doing greylisting, I'd want to be sure that other avenues were
exhausted first.
.) RBLs - you should be using something more than the stock toaster
.) simultaneous connections - there was some talk a while back about
   limiting the number of simultaneous connections from a given IP. If
   you're getting flooded from a single address, that might help.

I'd only implement greylisting as a last resort. It has the potential to
give you additional headaches. ;)

-- 
-Eric 'shubes'
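
Whether a flood comes from a single address or from many can be read from the `tcpserver -v` log that the run script quoted above already produces. The following is an added example, not part of the original thread: it reports the peak number of simultaneous connections per remote IP. The function names, sample log lines, pids, timestamps and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: peak simultaneous SMTP connections per remote IP, computed
# from tcpserver -v log lines ("pid N from IP" opens, "end N status S" closes).

peak_per_ip() {
    awk '
    {
        # Find the "tcpserver:" token so a leading multilog timestamp is skipped.
        t = 0
        for (i = 1; i <= NF; i++) if ($i == "tcpserver:") { t = i; break }
        if (t == 0) next
    }
    $(t+1) == "pid" && $(t+3) == "from" {
        ip = $(t+4); owner[$(t+2)] = ip          # remember which IP owns this pid
        if (++open[ip] > peak[ip]) peak[ip] = open[ip]
        next
    }
    $(t+1) == "end" && ($(t+2) in owner) {
        open[owner[$(t+2)]]--                    # connection closed
        delete owner[$(t+2)]
    }
    END { for (ip in peak) print peak[ip], ip }  # one "PEAK IP" line per address
    ' | sort -k1,1nr -k2,2                       # busiest address first
}

# Constructed sample log (documentation addresses, made-up pids and timestamps).
sample_log() {
    cat <<'EOF'
@4000000045f0c1a01a2b3c4d tcpserver: status: 1/40
@4000000045f0c1a01a2b3c4d tcpserver: pid 101 from 192.0.2.10
@4000000045f0c1a01a2b3c4d tcpserver: ok 101 mail.example.com:10.0.0.5:25 :192.0.2.10::40001
@4000000045f0c1a11a2b3c4d tcpserver: status: 2/40
@4000000045f0c1a11a2b3c4d tcpserver: pid 102 from 192.0.2.10
@4000000045f0c1a21a2b3c4d tcpserver: pid 103 from 198.51.100.7
@4000000045f0c1a31a2b3c4d tcpserver: end 101 status 0
@4000000045f0c1a41a2b3c4d tcpserver: pid 104 from 192.0.2.10
@4000000045f0c1a51a2b3c4d tcpserver: pid 105 from 192.0.2.10
@4000000045f0c1a61a2b3c4d tcpserver: end 103 status 0
@4000000045f0c1a71a2b3c4d tcpserver: pid 106 from 203.0.113.9
@4000000045f0c1a81a2b3c4d tcpserver: end 102 status 256
EOF
}

sample_log | peak_per_ip
```

Feed it the smtp service's own log in place of `sample_log`; one address holding most of the slots points to a per-IP connection limit, while many addresses with a peak of 1 or 2 point to a distributed run.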