Happy New Year everyone :-)

On Tue, 1 Jan 2008 04:20:42 +0100, mouss wrote:
>John D. Hardin wrote:
>> On Mon, 31 Dec 2007, Mike Cisar wrote:
>>
>>> Even tried yanking the IP address off of the server over the
>>> holidays in the hope that whatever it was would just give up. No
>>> such luck, within a minute of reactivating the IP to the server
>>> this morning the traffic was back to full flow.
>>>
>>
>> Tarpit 'em.
>>
>> http://sourceforge.net/projects/labrea
>>
>
>Tarpitting may not be the right answer, because "they" have a lot more
>resources than us (greetpause seems to work, if you use an asynchronous
>server or proxy, i.e. one which can do other things while "sleeping").
>
>you can reduce the load by having your server drop the connection when
>it rejects the mail, using 421 code.
>depending on the server, it may be possible to do this at connection
>time using zen.spamhaus.org (which lists many zombies).
>
>It may also be good to reduce the timeout when the server is under attack.

But could this not also cause losing legitimate email?

My server was also under attack 2 or 3 months ago. I tried the same thing as the OP (listing IPs in the fw etc.), but these things didn't help at all. Most of the mails (>90%) were already dropped because the IP didn't resolve (cannot find your hostname), the next 9.9% were caught by blacklists, and only a very small number were rejected because of an unknown user name.

One possibility might be to do the IP check already through a hardware firewall. But one actually can't do anything against the traffic coming to one's "indoor".

Best wishes to everybody (not to the spam senders of course ;-) for 2008

Matthias