Hello,
If such an attack continues for some minutes and the server does not
reject the connections
the server will create thousands of smtpd processes and might be hung
up.
Kenji Arisawa
On 2008/11/22, at 3:28, erik quanstrom wrote:
Subjet: email attacks
since our friends in sweeden helped out our spammer friends
get back on line, i've seen a lot more attacks. today i've been
getting ~10 connections/sec. fortunately its from a small
number of machines, so this trick helps alot:
/n/dump/2008/1121/sys/src/cmd/upas/smtp/smtpd.c:348,353 - smtpd.c:
348,355
if(!qflag)
syslog(0, "smtpd", "Hung up on %s; "
"claimed to be %s", nci->rsys,
him);
+ if(Dflag)
+ sleep(delaysecs()*1000);
reply("554 5.7.0 Liar!\r\n");
exits("client pretended to be us");
return;
oddly, i've found that adding a few of the hosts as -k flags stops
the attack
entirely.
- erik
