Hi,
 
 No, they are from different network segments :(
So the spam-throttle patch won't be effective. AFAIK this patch tries to slow down 
connections from the same IP.
The attack is from several IPs and they establish connections doing this slowly. So my 
concurrencyincoming is reached and the server rejects the new connections.
What I consider interesting for the chkusr patch is a bad recipient limit. Dictionary 
attacks try several rcpt to: introducing a sleep between each rcpt to. 
Look at http://netdevice.com/qmail/patch/goodrcptto-12.patch
and look for:
"To prevent dictionary attacks, the transmission channel is closed after the
number of bad recipients set in control/brtlimit or BRTLIMIT, two by default.
Repeated attempts from the same IPs may be handled by a cron that looks at the
logs and updates tcprules accordingly."
 
This would be helpful.
 
 Thank you and congratulations for your excellent work,
   Lucas
 
 
-----Original Message----- 
From: Bill Shupp [mailto:[EMAIL PROTECTED] 
Sent: Thu 16/09/2004 17:51 
To: [EMAIL PROTECTED] 
CC: 
Subject: Re: [toaster] spam problem



        Lucas Valdeón Villa wrote:
        
        >
        > No, servers are always different :(
        >
        >
        
        Are they at least from the same network block?  You might try the 0.7b3
        patch for the toaster.  It contains the spam-throttle patch, which is
        similar to tarpit but looks at simultaneous incoming connections, rather
        than per session limits.  If you can determine the net block that these
        come from, you could put more stringent limits on them, or use tcprules
        to block that net entirely.
        
        Regards,
        
        Bill
        

         

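The cron job that the quoted patch notes describe ("looks at the logs and updates tcprules accordingly") could look like the following. This is an added example, not part of the original messages or of the goodrcptto patch. The log line format, the regex and the thresholds are assumptions and must be adapted to what your smtpd actually logs. It goes one step beyond the quoted text by also denying a whole /24 when the bad recipients are spread over several hosts in it, which is the net-block case raised in the thread.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines (documentation IP ranges). The real format
# depends on the patch and logger in use; adapt BAD_RCPT to it.
SAMPLE_LOG = """\
2004-09-16 17:40:01 smtpd: bad rcpt from=203.0.113.7 to=<aaa@example.com>
2004-09-16 17:40:31 smtpd: bad rcpt from=203.0.113.7 to=<aab@example.com>
2004-09-16 17:40:40 smtpd: bad rcpt from=203.0.113.9 to=<aac@example.com>
2004-09-16 17:41:10 smtpd: bad rcpt from=203.0.113.9 to=<aad@example.com>
2004-09-16 17:41:15 smtpd: bad rcpt from=198.51.100.4 to=<bob@example.com>
2004-09-16 17:41:45 smtpd: bad rcpt from=198.51.100.4 to=<boc@example.com>
2004-09-16 17:42:15 smtpd: bad rcpt from=198.51.100.4 to=<bod@example.com>
2004-09-16 17:42:20 smtpd: bad rcpt from=192.0.2.10 to=<typo@example.com>
2004-09-16 17:42:25 smtpd: ok rcpt from=192.0.2.10 to=<lucas@example.com>
"""

BAD_RCPT = re.compile(r"bad rcpt from=(\d{1,3}(?:\.\d{1,3}){3})\b")

def deny_rules(lines, ip_limit=3, net_limit=4, min_hosts=2):
    """Return tcprules source lines denying noisy IPs and /24 prefixes."""
    per_ip = Counter()
    for line in lines:
        m = BAD_RCPT.search(line)
        if m:
            per_ip[m.group(1)] += 1

    # Group per-IP counts under their /24 prefix, written tcprules-style
    # with a trailing dot ("203.0.113." matches every address below it).
    per_net = defaultdict(list)
    for ip, n in per_ip.items():
        per_net[ip.rsplit(".", 1)[0] + "."].append(n)

    # A slow attack spread over several hosts never trips the per-IP limit,
    # so a prefix is denied when enough distinct hosts add up to net_limit.
    nets = {p for p, c in per_net.items()
            if len(c) >= min_hosts and sum(c) >= net_limit}
    rules = [p + ":deny" for p in nets]
    # Single IPs are listed only when their prefix is not already denied.
    rules += [ip + ":deny" for ip, n in per_ip.items()
              if n >= ip_limit and ip.rsplit(".", 1)[0] + "." not in nets]
    return sorted(rules)

if __name__ == "__main__":
    print("\n".join(deny_rules(SAMPLE_LOG.splitlines())))
```

The printed lines are in tcprules source format; merge them into the rules file used by your tcpserver and rebuild the cdb with tcprules.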