At 19/08/04 10:22 (), John Johnson wrote:
 Can you share the switches you are using to call tcpserver with this
patch? Sounds nice and would help with spam bombing as well.

-John

----- Original Message -----
From: "Devendra Singh" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 18, 2004 9:39 PM
Subject: Re: [Qmail-scanner-general]qmail and iptables

>
> Check this patch to ucspi-tcp. I have been using it for many months.
> http://linux.voyager.hr/ucspi-tcp/tcpserver-limits-2004-07-25.diff
>
> Earlier I was using tcpserver-limits-2004-01-24.diff but upgraded it to the
> new version a few days back.
>
> I must say it's a wonderful patch to fight against virus-laden bombing IPs.
> Bravo, Matija Nalis, for your wonderful patch.
>
> Devendra Singh
>

Hi John,

Okay, I would print my SMTPD-RUN script, but it does not make any difference; it's a normal script which everyone uses.

What is important is tcp.smtp. Here is my partial tcp.smtp (be careful about lines that have wrapped due to mail formatting):

cat tcp.smtp

...
...
...
# ALLOW THESE IPS TO RELAY MAIL THROUGH OUR SERVER
#
# Ips of Our Net Servers are allowed to relay,
# and we won't bother doing any RBL checking.
#
192.168.1.:allow,RELAYCLIENT="",RBLSMTPD="",MAXCONNIP="15",MAXLOAD="4500"
#192.168.1.141:allow,RELAYCLIENT="",RBLSMTPD="",MAXCONNIP="10",MAXLOAD="4500"
#192.168.1.243:allow,RELAYCLIENT="",RBLSMTPD="",MAXCONNIP="10",MAXLOAD="4500"
#192.168.1.11:allow,RELAYCLIENT="",RBLSMTPD="",MAXCONNIP="10",MAXLOAD="4500"
#
# Connections from localhost are allowed to relay
# (because the WebMail server runs on localhost),
# and obviously there is no point trying to perform an RBL check.
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
#
:allow,LOCALMFCHECK="",MFDNSCHECK="",BADMIMETYPE="",MAXRECIPIENTS="20",MAXCONNIP="5",MAXCONNC="10",MAXLOAD="4500",DIEMSG="421 MyDomain.com Service temporarily unavailable due to too many connections from You, closing transmission channel"


I also grep the smtpd log for "MAX" when the load increases, and temporarily block the IPs with too many repeated entries at the firewall.

Here is my smtpd-run script:

#!/bin/sh
# when QMAILQUEUE is set, all mail will be sent to the nominated script
echo 'Starting qmail-smtpd...'
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" export QMAILQUEUE
VPOPMAILUID=`id -u vpopmail`
VPOPMAILGUID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
# Setting the $LOCALMFCHECK variable will effectively enforce that the
# hostpart of the MAIL FROM: address correspond to one entry in our ./rcpthosts (./morercpthosts) file.
# Commented for Putting the Check into /etc/tcp.smtp
# export LOCALMFCHECK=""
# Invoking the environment variable $MFDNSCHECK in the qmail-smtpd startup script,
# enables globally the DNS check for the envelope's sender.
#export MFDNSCHECK=""
# HELODNSCHECK enables globally the DNS check for the client MTA's HELO/EHLO greeting string.
# export HELODNSCHECK=""
# softlimit needs to be set at something large such as 15000000
# to allow virusscanning software to run successfully
if [ -z "$VPOPMAILUID" -o -z "$VPOPMAILGUID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ];
then
echo VPOPMAILUID, VPOPMAILGUID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
echo "No /var/qmail/control/rcpthosts!"
echo "Refusing to start SMTP listener because it'll create an open relay"
exit 1
fi
exec /usr/local/bin/softlimit -m 15000000 \
/usr/local/bin/tcpserver -H -l "$LOCAL" \
-v -x /etc/tcp.smtp.cdb \
-c "$MAXSMTPD" -r -u "$VPOPMAILUID" -g "$VPOPMAILGUID" 0 smtp \
/usr/local/bin/rblsmtpd -b -C \
-r 'bl.spamcop.net:Your message was rejected because the mail server you use is configured to allow OPEN RELAY - More detailed information regarding this problem is available from http://www.spamcop.net/w3m?action=checkblock&ip=%IP% - Please forward this error through to your email server support staff for easy resolution.' \
-t 5 \
/var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true 2>&1


______________________________________________________
Devendra Singh
IndiaMART InterMESH Limited
(Global Gateway to Indian Market Place)
B-1, Sector 8, Noida, UP - 201301, India
EPABX : +91-120-2424945, +91-120-3094634, +91-9810646342
Fax: +91-120-2424943
http://www.indiamart.com
http://portals.indiamart.com
______________________________________________________
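The two admin steps in the message above, checking which tcp.smtp limits a given client actually gets and grepping the smtpd log for "MAX" entries, can be scripted. The following is an added example written for this page; it is not code from the original mail, from ucspi-tcp or from the tcpserver-limits patch. It assumes a simplified version of tcpserver's rule lookup (exact IP, then shorter dotted prefixes such as "192.168.1.", then the empty default rule; the =hostname and info@ip forms are ignored), and the smtpd log line format is an assumption too (a limit message is taken to contain "MAX" and to end with the client's IPv4 address). The sample tcp.smtp and sample log it builds are constructed for the demo; the sample rules file includes one deliberately mis-formatted line with a space after the comma, the kind of wrap damage the mail warns about, which tcprules would silently turn into a variable named " MAXCONNIP".

```shell
#!/bin/sh
# Added example, not part of the original mail or of the tcpserver-limits
# patch. Two helpers for the setup described in the mail:
#  1. tcp_rule_for / tcp_rule_var resolve which tcp.smtp rule tcpserver would
#     apply to a client IP and read one variable (e.g. MAXCONNIP) from it.
#     Simplified lookup order (assumption): exact IP, then shorter dotted
#     prefixes such as "192.168.1.", then the empty default rule; the
#     =hostname and info@ip forms tcpserver also checks are ignored.
#  2. offending_ips counts "MAX" limit entries per client IP in an smtpd log,
#     as the mail's grep-and-firewall step does. The log line format is an
#     assumption: a limit message contains "MAX" and ends with the client IP.

# Print the instruction part of the first rule in file $2 matching IP $1;
# return 1 and print nothing if not even a default rule matches.
tcp_rule_for() {
    ip="$1"; file="$2"
    candidates="$ip"; prefix="$ip"
    while [ "${prefix%.*}" != "$prefix" ]; do      # 1.2.3.4 -> 1.2.3. 1.2. 1.
        prefix="${prefix%.*}"
        candidates="$candidates $prefix."
    done
    for key in $candidates ""; do
        while IFS= read -r line; do
            case "$line" in ''|'#'*) continue ;; esac
            if [ "${line%%:*}" = "$key" ]; then
                printf '%s\n' "${line#*:}"
                return 0
            fi
        done < "$file"
    done
    return 1
}

# Print the quoted value of variable $2 in instruction string $1.
# The quoted value may itself contain commas (as DIEMSG does).
tcp_rule_var() {
    printf '%s\n' "$1" | sed -n "s/.*,$2=\"\([^\"]*\)\".*/\1/p"
}

# Flag rules with a space after a comma outside quotes: tcprules copies the
# text up to "=" verbatim as the variable name, so " MAXCONNIP" is never set.
tcp_rules_lint() {
    awk '/^#/ { next }
         { t = $0; gsub(/"[^"]*"/, "", t)
           if (t ~ /, /) print FILENAME ":" FNR ": " $0 }' "$1"
}

# Print, sorted, the client IPs with at least $2 "MAX" entries in log $1.
offending_ips() {
    awk -v min="$2" '
        /MAX/ { for (i = NF; i > 0; i--)           # last IPv4-looking field
                    if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { hits[$i]++; break } }
        END   { for (ip in hits) if (hits[ip] >= min) print ip }' "$1" | sort
}

# Constructed sample inputs (temp files): a tcp.smtp mirroring the mail's,
# plus one deliberately mis-formatted line, and an assumed-format smtpd log.
make_sample_tcp_smtp() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# relay clients on our own network (mirrors the mail's tcp.smtp)
192.168.1.:allow,RELAYCLIENT="",RBLSMTPD="",MAXCONNIP="15",MAXLOAD="4500"
#192.168.1.141:allow,RELAYCLIENT="",RBLSMTPD="",MAXCONNIP="10",MAXLOAD="4500"
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
10.0.0.:allow, MAXCONNIP="3"
:allow,LOCALMFCHECK="",MFDNSCHECK="",MAXRECIPIENTS="20",MAXCONNIP="5",MAXCONNC="10",MAXLOAD="4500",DIEMSG="421 MyDomain.com Service temporarily unavailable due to too many connections from You, closing transmission channel"
EOF
    printf '%s\n' "$f"
}

make_sample_smtpd_log() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
tcpserver: ok 1201 mx.example.net:192.0.2.10:25 :198.51.100.7::4321
tcpserver: MAXCONNIP 5 exceeded for 198.51.100.7
tcpserver: MAXCONNIP 5 exceeded for 198.51.100.7
tcpserver: MAXCONNIP 5 exceeded for 198.51.100.7
tcpserver: MAXCONNC 10 exceeded for 203.0.113.9
tcpserver: end 1201 status 0
EOF
    printf '%s\n' "$f"
}

# Stand-alone demo: sh <this file> --demo
if [ "${1:-}" = "--demo" ]; then
    rules=$(make_sample_tcp_smtp); log=$(make_sample_smtpd_log)
    for ip in 192.168.1.50 127.0.0.1 10.0.0.9 203.0.113.9; do
        rule=$(tcp_rule_for "$ip" "$rules")
        printf '%-14s MAXCONNIP=%-3s %s\n' "$ip" "$(tcp_rule_var "$rule" MAXCONNIP)" "$rule"
    done
    tcp_rules_lint "$rules"
    echo "IPs with >= 3 limit hits:"; offending_ips "$log" 3
    rm -f "$rules" "$log"
fi
```

Run with `--demo` to see the resolution for four sample clients: the 192.168.1.x host picks up the relay rule with MAXCONNIP=15, 127.0.0.1 gets no per-IP limit at all, the deliberately broken 10.0.0.x rule yields no MAXCONNIP value (and is reported by the lint), and an outside address falls through to the default rule. For real use, point `tcp_rules_lint` at /etc/tcp.smtp before running tcprules, and point `offending_ips` at the actual smtpd log; its output is the list of addresses to put behind a temporary firewall rule, which is the step the mail describes doing by hand.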




_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
