Prev-20 Home Next-20 5 msg Loops back to myself 2 msg Postfix, MySQL 6 msg Trouble with MYSQL Query on SASL 3 msg Inbound/OutBound Relay 10 msg is hotmail blocking mail or does 'soft fail' me... 20 msg Incorrect domainname 8 msg Resolve some addresses and relay some addresses... 11 msg setup postfix whitout mynetworks, just with per... 5 msg commands for examining queue? 2 msg writable proxymap service update 1 msg Feature: output rate limiting 3 msg mysql support in Postfix 14 msg Installation Questions 6 msg Re: smtpd_proxy_filter by size 3 msg implementing pyspf 2 msg Confused about hostnames & domainnames 5 msg Too much logging information to mail.debug 4 msg Dealing with unreliable milters - revisited ddos \ jeff (30 Nov 2007) . \ Tomasz Chmielewski (30 Nov 2007) . . \ jeff (30 Nov 2007) . . . \ Terry Carmen (30 Nov 2007) . . . . \ Terry Carmen (30 Nov 2007) . \ Victor Duchovni (30 Nov 2007) . \ (Wietse Venema) (30 Nov 2007) . . \ jeff (30 Nov 2007) . . . \ (Wietse Venema) (30 Nov 2007) . . . . \ Rob Morin (30 Nov 2007) . . . . . \ Terry Carmen (30 Nov 2007) . . . . \ Patrick T. Tsang (1 Dec 2007) . . . . . \ Robert Schetterer (1 Dec 2007) 75 msg SMTP-SASL auth failure caching. Prev-20 Home Next-20

Prev-Msg Prev-Thread Postfix-users Nov-2007 Next-Thread Next-Msg Subject: ddos Group: Postfix-users From: jeff Date: 30 Nov 2007 Our server has been episodically receiving tens of thousands of messages per minute to non-existent addresses. These come from an enormous number of ip's, so many that anvil shows only 6, 8 connections from a single IP in a minute, and we can see that some IP's only send every few hours. Very large Botnet? Anyhow, we don't accept any of the messages but the number of connections is killing us. Is there anything we can do to combat this? postconf -n is below. alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix content_filter = smtp-amavis:[192.168.0.134]:10024 daemon_directory = /usr/libexec/postfix debug_peer_level = 2 header_checks = regexp:/etc/postfix/header_checks html_directory = no inet_interfaces = all mail_owner = postfix mailq_path = /usr/bin/mailq manpage_directory = /usr/local/man mydestination = domian_names_removed $myhostname, localhost.$mydomain, localhost, regexp:/etc/postfix/xxx_regexp myhostname = smtp.me.com myorigin = $mydomain newaliases_path = /usr/bin/newaliases parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_au thorized_clients,smtpd_access_maps queue_directory = /var/spool/postfix readme_directory = no sample_directory = /etc/postfix sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_security_options = noanonymous transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550 virtual_alias_maps = hash:/etc/postfix/virtual ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. Prev-Msg Prev-Thread Postfix-users Nov-2007 Next-Thread Next-Msg

© 2004-2008 readlist.com