Hi Rob,
I don't currently have this problem but I did have something similar
with systems trying dictionary attacks on my SSH connections. The links
I've listed below [1][2][3] all attack the problem by setting up the
Linux firewall to kill connections which try too hard to connect to the
SSH port. This technique could be adapted so that too many connections
to the SMTP port within say a minute effectively blacklists that IP
address for ten minutes.
There is a technique called 'door knocking' where you tap out a secret
knock before attempting to connect to the SMTP server... it is effective
but not very practical.
I suppose a simpler technique might be to open another SMTP port (say
8110) instead of or as well as 110. I don't think most spammers bother
to do port scanning looking for SMTP servers.
Regards,
David Legg
Wilkinson, Robert wrote:
I have been using James Mail Server since 2000 believe it or not. But
because I have been using it that long my users have been hacked many
times and my outbound email addresses receive an incredible amount of
spam. I have arrived at the point where spamming email servers are using
up all my connections and my servers cannot connect to James. Is there a
way to hold a certain number of connections for local use only? Any
other suggestions iof how to combat this effect?
[1] http://olivier.sessink.nl/publications/blacklisting/index.html
[2] http://www.la-samhna.de/library/brutessh.html
[3]
http://hostingfu.com/article/ssh-dictionary-attack-prevention-with-iptables
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
