Memory Usage
Total     Used      Free       Shared  Buffer   Cached   Usage
7.89 GB   7.36 GB   541.55 MB  0 B     2.26 GB  1.75 GB  93.3%
I bet some of my problems come when the host system RAM usage peaks. It's even possible that these spammers are using IPs to dump these dictionary attacks (take a range of IPs, search for mail servers on them, resolve the domain and spam it), they are hammering a few VPS's on the same host machine, then I'm sure the host must have memory problems...
RD wrote:
Hi Justin,
As Jason stated, here's a good qmail patch against dictionary attacks. http://www3.sympatico.ca/humungusfungus/code/validrcptto.html
You may also want to limit the spamd child process.
-rd
Jason Haar wrote:
Justin Fielding wrote:
I am suffering from dictionary spam attacks causing qmail-scanner with clamav and SA to overload the server's memory and now and then crash it. When the spammer connects and starts firing off all these emails, before qmail can just dump the ones to non-existing addresses, they go through clamav and spamassassin. Quite often these spams will have attachments too with spyware inside, so these are scanned. It would be great to have the qmail-scanner script give the option to check for a mailbox's validity, and if it does not exist, reject it at the SMTP level. This could be done by recompiling qmail-smtpd, but I have a Plesk system which uses a custom qmail-smtpd so I can't patch.
Please listen to what you said: "I won't patch my qmail install to do what I want, so I think Q-S should be 'fixed' to do it for me"...
I agree that dictionary attacks are a real problem for relay servers in general (not just Qmail: doesn't help to be running sendmail or postfix if all your Internet mail server does is relay to an Exchange/or other backend) - and the best solution is to patch qmail-smtpd with one of the recipient-check patches - as outlined on http://www.qmail.org.
Indeed Q-S can't really do what you want anyway. To reject bad recipients, you need to do it as follows:
    MAIL FROM: <....>
    ok
    RCPT TO: <[EMAIL PROTECTED]>
    5xx unknown recipient
    QUIT
But Q-S doesn't have "hooks" into that part of the SMTP transaction - it only gets called after the DATA command is sent. So best-case is that after the client has *finished* sending the e-mail - Q-S could reject it. But that won't work either! What if there were 5 recipients - and only one was a bogus user? Q-S can't reject it then - the 4 valid users WOULD LOSE MAIL.
It's not the best tool for the job. It's not even possible for it to do the job!
Jason
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
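The point made in the thread about rejecting at RCPT TO rather than after DATA, as an added example that is not part of the original messages and is not code from qmail, qmail-scanner or the linked patch. It is a toy SMTP envelope handler; the mailbox list, addresses and reply strings are constructed, and the DATA step is simplified to carry the body as its argument.

```python
# Added illustration: per-recipient rejection at RCPT time keeps dictionary
# guesses away from the content scanner without dropping valid recipients.
VALID = {"alice@example.test", "bob@example.test"}  # constructed mailbox list

def smtp_session(commands, valid=VALID):
    """Run (verb, arg) SMTP commands; return (replies, scanned).

    scanned lists the (recipients, body) pairs that would be handed to the
    post-DATA scanner (the stage where qmail-scanner runs per the thread).
    """
    replies, scanned = [], []
    sender, rcpts = None, []
    for verb, arg in commands:
        if verb == "MAIL":
            sender, rcpts = arg, []          # new envelope
            replies.append("250 ok")
        elif verb == "RCPT":
            if sender is None:
                replies.append("503 MAIL first")
            elif arg.lower() in valid:
                rcpts.append(arg.lower())    # accepted individually
                replies.append("250 ok")
            else:
                replies.append("550 unknown recipient")  # only this one fails
        elif verb == "DATA":
            if not rcpts:
                # No valid recipient: the body is never transferred or scanned.
                replies.append("503 RCPT first")
            else:
                scanned.append((tuple(rcpts), arg))
                replies.append("250 ok queued")
                sender, rcpts = None, []
        elif verb == "QUIT":
            replies.append("221 bye")
            break
    return replies, scanned

def dictionary_run(guesses, valid=VALID):
    """One message per guessed address, as in a dictionary attack."""
    cmds = []
    for guess in guesses:
        cmds += [("MAIL", "sender@spam.test"), ("RCPT", guess), ("DATA", "payload")]
    cmds.append(("QUIT", ""))
    return smtp_session(cmds, valid)
```

In a mixed envelope the bogus address gets its own 550 while the valid recipients still receive the message, which is the outcome a post-DATA reject cannot produce.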