John D. Hardin wrote: > On Mon, 31 Dec 2007, Mike Cisar wrote: > > >> Even tried yanking the IP address off of the server over the >> holidays in the hope that whatever it was would just give up. No >> such luck, within a minute of reactivating the IP to the server >> this morning the traffic was back to full flow. >> > > Tarpit 'em. > > http://sourceforge.net/projects/labrea >
Tarpitting may not be the right answer, because "they" have a lot more resources than us (greetpause seems to work, if you use an asynchronous server or proxy, i.e. one which can do other things while "sleeping"). you can reduce the load by having your server drop the connection when it rejects the mail, using 421 code. depending on the server, it may be possible to do this at connection time using zen.spamhaus.org (which lists many zombies). It may also be good to reduce the timeout when the server is under attack.
