audit wrote:
My server's been getting slammed all night with requests from
adsl-99-162-37-137.dsl.ipltin.sbcglobal.net[99.162.37.137] and I've
been trying to figure out how to stop it.
I've put the IP address in mx_access with REJECT and ran
/usr/local/etc/rc.d/postfix reload and it's still getting slammed.
Does anyone have any ideas? I've got a botnet that's been going crazy
on the server also, we're not running any open proxies and it's locked
down nice and tight.
Best way: use iptables or equivalent (with TCP reset) to block the
connection. This will take the least amount of resources and make your
system a lot happier.
The Postfix way follows, but it is still load on your server.
check_sender_mx_access probably isn't the best place for that IP. This
checks the domain in the MAIL FROM vs your database and not the IP of
the connection. You were probably seeking check_client_access.
Here's the output of my postconf -n
[...]
smtpd_client_restrictions = permit_mynetworks, check_client_access
hash:/usr/local/etc/postfix/junk, reject_rbl_client zen.spamhaus.org,
reject_rbl_client virbl.dnsbl.bit.nl, reject_multi_recipient_bounce,
reject_unauth_pipelining, reject_unknown_reverse_client_hostname
check_client_access regexp:/usr/local/etc/postfix/spam_ip_regex
smtpd_data_restrictions = reject_unauth_pipelining, permit
No permit_mynetworks first? This is your choice, but the later config
suggests you wanted to.
smtpd_helo_restrictions = permit_mynetworks, reject_unauth_pipelining,
permit
Remove this and modify smtpd_data_restrictions above. No real point in
keeping it here.
smtpd_sender_restrictions = check_sender_mx_access
cidr:/usr/local/etc/postfix/mx_access
See comments above
Brian
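
The difference between the two restrictions discussed in this reply, as an added configuration example that is not part of the original thread. The file name client_access and the exact layout of the mx_access entry are assumptions; the IP address and the other paths are the ones quoted above.

```conf
# --- /usr/local/etc/postfix/mx_access (entry as described in the question;
#     exact layout assumed) ---
# Consulted by check_sender_mx_access. The lookup keys are the MX hosts
# (names and addresses) of the MAIL FROM domain, not the connecting client,
# so this entry only fires when a sender domain's MX resolves to this IP.
99.162.37.137        REJECT

# --- /usr/local/etc/postfix/client_access (hypothetical file name) ---
# Consulted by check_client_access. The lookup key is the connecting
# client's IP address, which is what has to be matched here.
99.162.37.137/32     REJECT

# --- main.cf: client restrictions with the cidr table added ---
# permit_mynetworks stays first so local clients are never matched against
# the block list. Keep the rest of the existing restriction list after the
# new check_client_access entry.
smtpd_client_restrictions = permit_mynetworks,
    check_client_access cidr:/usr/local/etc/postfix/client_access,
    reject_rbl_client zen.spamhaus.org

# Check the table from the shell before relying on it. The query should
# print the action for the address:
#   postmap -q 99.162.37.137 cidr:/usr/local/etc/postfix/client_access
# cidr tables are read when a daemon process starts, so reload afterwards:
#   /usr/local/etc/rc.d/postfix reload
```

With this in place the rejection shows up in the mail log as a client access denial for 99.162.37.137, but Postfix still has to accept the TCP connection and run the SMTP dialogue first, which is the load the reply refers to.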