Re: [exim] DDos

2022-11-09 Thread The Doctor via Exim-users
On Wed, Nov 09, 2022 at 08:21:37PM -0700, The Doctor via Exim-users wrote:
> I was checking my https://www.nk.ca/eximstats.html
>
> and lo and behold looks like a huge number of rejected e-mails.
>
> Further netstat -a shows a lot of smtp connections being opened.
>
> Any way to deflect this?
S

Re: [exim] DDOS on SMTP port by large number of new connections from random IPs

2014-10-30 Thread Terry
Hi Anoop, On 28/10/2014 03:29, Anoop John wrote: Thanks Marius, Scott Neader, Wolfgang Breyha, Xander Harkness for looking into this and sending your recommendations and suggestions. We implemented both suggestions. We set smtp_accept_max_per_host to 4. We also set up PTR record check on incomi

Re: [exim] DDOS on SMTP port by large number of new connections from random IPs

2014-10-29 Thread Anoop John
@Dave - thanks for your suggestion. The server is already using the following DBLs: Spamcop, Spamhaus, Mailspike, PSBL, WPBL. I will look at the DROP / EDROP suggestion. Thanks for the same. The DDOS attack has been going on for more than a week now. Mail server is functional though with the increase

Re: [exim] DDOS on SMTP port by large number of new connections from random IPs

2014-10-28 Thread Dave Lugo
On Tue, 28 Oct 2014, Anoop John wrote: Not sure how to take things forward from here. Thanks once again for your suggestions. Are you doing any dns blocklist rejections? You could try to do those earlier in the connect acl, taking into account whitelisted hosts, etc. You might also look at

Re: [exim] DDOS on SMTP port by large number of new connections from random IPs

2014-10-28 Thread Anoop John
Thanks Marius, Scott Neader, Wolfgang Breyha, Xander Harkness for looking into this and sending your recommendations and suggestions. We implemented both suggestions. We set smtp_accept_max_per_host to 4. We also set up PTR record check on incoming connections. For those that do not have reverse D

Re: [exim] DDOS on SMTP port by large number of new connections from random IPs

2014-10-20 Thread Xander D Harkness
Dear Anoop, On 18 Oct 2014, at 10:48, Anoop John wrote: > > > Is there some setting in exim that can drop connections if there is no > authentication within a timeout or something like that? You might also try to limit the number of connections per server, which I find works very well. I find

Re: [exim] DDOS on SMTP port by large number of new connections from random IPs

2014-10-20 Thread Wolfgang Breyha
Anoop John wrote on 18/10/14 10:48:
> I have run into a problem on my server with a DDOS attack on port 25. The
> server is getting large number of connection requests on port 25 from
> random IPs continuously preventing any access to the SMTP port by valid
> users. Also the server reaches the limi

Re: [exim] DDOS on SMTP port by large number of new connections from random IPs

2014-10-20 Thread Scott Neader
On Sat, Oct 18, 2014 at 3:48 AM, Anoop John wrote:
> Is there some setting in exim that can drop connections if there is no
> authentication within a timeout or something like that?
Hi Anoop. I'm not even close to an expert, compared to the many knowledgeable users on this list, so I will defe