On Tuesday 17 October 2006 23:09, Bill Taroli wrote:
> Debbie D wrote:
> > Last Mon, Tues & Wed I had severe inflow of spam, always at 12.30p EST,
> > Wed it didn't stop till almost 5p. The server seems to not be very
> > cooperative when the queue grows over 200 or so.
> > ...
> > this high amount of spam, (BTW scoring at 20-well over 1000) is killing
> > the loads and I have screaming clients..
>
> I don't know that you're alone in seeing this increased traffic. For
> another domain I help manage, they were seeing a large influx of
> connections. For the most part, sender verification and RBL's were
> blocking them. But then they threw in a little twist... opening SMTP
> sessions and letting them sit. Open enough of these and processes build
> up (awaiting timeout) doing nothing and new connections fail -- a crude
> but effective DOS.
>

Isn't this something Anvil is designed to handle? It seems SuSE installs
this by default for postfix. I see log entries where it rate limits some IPs,
usually when it looks like they are doing a dictionary job on me.

The Postfix anvil(8) server maintains short-term statistics to defend
against clients that hammer a server with either too many simultaneous
sessions, or with too many successive requests within a configurable
time interval.

-- 
_____________________________________
John Andersen
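
An added example, not part of the original messages: a small Python summarizer for the rate-limit log entries mentioned in the reply above, flagging clients that repeatedly trip the concurrency limit (the held-open-session pattern from the quoted message). It assumes the smtpd warning wording "... limit exceeded: N from host[ip] for service smtp"; the log lines, hostnames and addresses are constructed samples.

```python
import re
from collections import defaultdict

# Constructed sample lines (assumed smtpd warning format; addresses are documentation ranges).
SAMPLE_LOG = """\
Oct 17 12:30:01 mail postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Oct 17 12:30:02 mail postfix/smtpd[2102]: warning: Connection concurrency limit exceeded: 51 from unknown[192.0.2.10] for service smtp
Oct 17 12:30:03 mail postfix/smtpd[2103]: warning: Connection concurrency limit exceeded: 52 from unknown[192.0.2.10] for service smtp
Oct 17 12:30:04 mail postfix/smtpd[2104]: warning: Connection rate limit exceeded: 31 from host.example.net[198.51.100.7] for service smtp
Oct 17 12:30:09 mail postfix/smtpd[2105]: warning: Recipient address rate limit exceeded: 120 from host.example.net[198.51.100.7] for service smtp
Oct 17 12:30:10 mail postfix/smtpd[2106]: warning: hostname bad.example.org does not resolve to address 203.0.113.5
"""

# One pattern for the limit kinds smtpd reports on behalf of anvil(8).
LIMIT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: warning: "
    r"(?P<kind>Connection concurrency|Connection rate|"
    r"Message delivery request rate|Recipient address rate)"
    r" limit exceeded: (?P<count>\d+) from \S*\[(?P<ip>[^\]]+)\]"
    r" for service (?P<service>\S+)"
)


def summarize(lines):
    """Return {ip: {kind: (hits, peak_count)}} for every limit warning seen."""
    stats = defaultdict(dict)
    for line in lines:
        m = LIMIT_RE.search(line)
        if not m:
            continue  # ordinary traffic or unrelated warnings
        hits, peak = stats[m["ip"]].get(m["kind"], (0, 0))
        stats[m["ip"]][m["kind"]] = (hits + 1, max(peak, int(m["count"])))
    return dict(stats)


def held_open_suspects(stats, min_hits=2):
    """IPs that tripped the concurrency limit at least min_hits times."""
    return sorted(
        ip for ip, kinds in stats.items()
        if kinds.get("Connection concurrency", (0, 0))[0] >= min_hits
    )


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    for ip, kinds in sorted(report.items()):
        print(ip, kinds)
    print("held-open suspects:", held_open_suspects(report))
```

Clients that appear only under "Connection rate" or "Recipient address rate" are hammering with successive requests; the concurrency list is the one to watch for sessions that connect and then sit idle.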