On Tue, Feb 17, 2004 at 12:25:17AM -0700, Lucas Albers wrote: > Just recently I had my mail server swamped by a single virus machine > that kept resending a virus message, ignoring my 5xx rejection code. > > Is it possbile to block this via an iptables smtp max connection > throttle code? > > How do you handle this? > Via iptables?, or via qmail/postfix/exim/sendmail internal coding? > > Does anyone else encounter this problem on a regular basis? > How do you solve this?
I haven't tried any of this, but search for "tarpit" on google. Here are some links that might be helpful: http://www.securityfocus.com/infocus/1723 http://www.hackbusters.net/LaBrea.html http://www.palomine.net/qmail/tarpit.html If there is one particular machine you want to slow down/block, why not just block it completely from sending mail until it's fixed? The owner of the machine is likely to notice the problem more quickly if he/she can't send mail at all. -- Michael Wood <[EMAIL PROTECTED]>
