On 10/27/2012 12:29 AM, /dev/rob0 wrote:
> On Sat, Oct 27, 2012 at 12:17:43AM -0500, I wrote:
>> On Fri, Oct 26, 2012 at 10:46:40PM -0500, Stan Hoeppner wrote:
>>> On 10/26/2012 6:16 PM, John Baker wrote:
>>>> Is there anything I can do to alleviate the load on my LDAP
>>>> server? It's coming from so many IPs it's not going to do
>>>> any good to just start firewalling.
>>>
>>> Configure Postscreen
>>> http://www.postfix.org/postscreen.8.html
>>>
>>> It drops bots before user lookup.  Very effective.  Requires 
>>> Postfix 2.8 or later.
>>
>> Yes, *if* these really are bots. I bet they're not. It looks like
>> a backscatter / sender verification attack, as if these addresses 
>> were used as sender addresses in a spam run.
> 
> Most backscatter sources are "legitimate" MTAs. Many have FCrDNS. 
> They'll pass any postscreening and get to smtpd soon enough. Even so, 
> postscreen would lessen the pressure of actual bots on the server, so 
> it would indeed help somewhat.

Agreed.  My previous rec to use a local table will help with backscatter
induced LDAP load.

Postscreen would also allow the op to eliminate his greylisting daemon
since Postscreen does the same job, but much more efficiently.
Greylisting daemons require one smtpd process per client connection,
eating resources, whereas Postscreen drops bot connections before they
reach smtpd--which is the design purpose of Postscreen--reducing the
overall load Postfix places on the system, reducing the latency of real
email through the system.

-- 
Stan
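
An added example, not part of the original thread: one way to check from the mail log how many client sessions postscreen stops before they reach smtpd (and so before any LDAP recipient lookup). The log lines are constructed samples in postscreen's usual syslog format, and summarize() is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample log (not from the thread); addresses are documentation ranges.
SAMPLE_LOG = r"""
Oct 27 00:01:02 mx postfix/postscreen[2101]: CONNECT from [192.0.2.10]:41022 to [203.0.113.5]:25
Oct 27 00:01:02 mx postfix/postscreen[2101]: PREGREET 14 after 0.12 from [192.0.2.10]:41022: EHLO example\r\n
Oct 27 00:01:05 mx postfix/postscreen[2101]: CONNECT from [198.51.100.7]:50211 to [203.0.113.5]:25
Oct 27 00:01:11 mx postfix/postscreen[2101]: DNSBL rank 3 for [198.51.100.7]:50211
Oct 27 00:01:20 mx postfix/postscreen[2101]: CONNECT from [198.51.100.23]:39110 to [203.0.113.5]:25
Oct 27 00:01:20 mx postfix/postscreen[2101]: HANGUP after 0.4 from [198.51.100.23]:39110 in tests before SMTP handshake
Oct 27 00:02:00 mx postfix/postscreen[2101]: CONNECT from [203.0.113.40]:55000 to [203.0.113.5]:25
Oct 27 00:02:06 mx postfix/postscreen[2101]: PASS NEW [203.0.113.40]:55000
Oct 27 00:02:30 mx postfix/postscreen[2101]: CONNECT from [203.0.113.41]:55100 to [203.0.113.5]:25
Oct 27 00:02:30 mx postfix/postscreen[2101]: PASS OLD [203.0.113.41]:55100
"""

# Event keyword, then the first [address]:port on the line, which is the client.
EVENT = re.compile(
    r"postfix/postscreen\[\d+\]: "
    r"(CONNECT|PASS (?:NEW|OLD)|PREGREET|DNSBL|HANGUP)\b"
    r".*?\[([0-9A-Fa-f.:]+)\]:(\d+)"
)


def summarize(log_text):
    """Count sessions postscreen passed versus sessions that failed a test."""
    # Sessions are keyed by client (address, port); adequate for a short log window.
    connected, passed, failed = set(), set(), {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        event, session = m.group(1), (m.group(2), m.group(3))
        if event == "CONNECT":
            connected.add(session)
        elif event.startswith("PASS"):
            passed.add(session)
        else:
            failed.setdefault(session, event)  # keep the first failed test
    stopped = connected - passed
    return {
        "connections": len(connected),
        "passed": len(passed & connected),
        "stopped": len(stopped),
        "by_test": dict(Counter(failed[s] for s in stopped if s in failed)),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A high "passed" share during a load spike points to clients that postscreen does not filter, such as the backscatter sources discussed above.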
