John Andersen wrote:
On Tuesday 17 October 2006 23:09, Bill Taroli wrote:
Debbie D wrote:
Last Mon, Tues & Wed I had severe inflow of spam, always at 12.30p EST,
Wed it didn't stop till almost 5p. The server seems to not be very
cooperative when the queue grows over 200 or so.
...
this high amount of spam, (BTW scoring at 20-well over 1000) is killing
the loads and I have screaming clients..
I don't know that you're alone in seeing this increased traffic. For
another domain I help manage, they were seeing a large influx of
connections. For the most part, sender verification and RBL's were
blocking them. But then they threw in a little twist... opening SMTP
sessions and letting them sit. Open enough of these and processes build
up (awaiting timeout) doing nothing and new connections fail -- a crude
but effective DOS.
Isn't this something Anvil is designed to handle? It seems SuSE installs
this by default for postfix. I see log entries where is rate limits some
IPs, usually when it looks like they are doing a dictionary job on me.
The Postfix anvil(8) server maintains short-term statistics to defend
against clients that hammer a server with either too many simultaneous
sessions, or with too many successive requests within a configurable
time interval.
So that's what my firewall has been killing.
I kept noticing timeout sessions with my mailserver (in the firewall
log), and wondered why that was happening.
