> Quoting Rajkumar S <[EMAIL PROTECTED]>: > > Does any one seeing increasing smtp concurrency for the past couple of > > weeks? I run couple of (qmail/simscan/spamassassin) mail servers and > > all experience the same problem. The spam does not increase, but this > > is hogging my mail servers. Probably a new crop of spamming tools?
On 06.09.07 11:09, Jeff Chan wrote: > Some botnets are starting to hold mail connections open for much longer > after getting a 5xxx blacklist response. Reason is unknown; could be > coding errors or deliberate. Many people are changing their smtpd > timeouts form the RFC 300 seconds down to 45 seconds: > Some people are even using 10 seconds, which seems short to me. The RFC > requires 300 seconds. It "requires" 300 seconds this way: An SMTP server SHOULD have a timeout of at least 5 minutes while it is awaiting the next command from the sender. (rfc 2821, section 4.5.3.2). SHOULD means "unless you have good reason" (rfc 2119). preserving of being DoSed is good reason. I think lowering maybe to 60 seconds is not a problem. btw maybe someone could gather list of those IPS and creating a blacklist... -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. My mind is like a steel trap - rusty and illegal in 37 states.
