11 messages in net.sourceforge.lists.courier-users: Re: [courier-users] Saturation DDoS

From / Sent On:
Zenon Panoussis, Oct 22, 2007 5:50 am
Enda Cronnolly, Oct 22, 2007 6:25 am
Leigh S. Jones, Oct 22, 2007 7:29 am
Gordon Messmer, Oct 22, 2007 7:48 am
Zenon Panoussis, Oct 22, 2007 8:25 am
Gordon Messmer, Oct 22, 2007 9:50 am
Zenon Panoussis, Oct 22, 2007 10:34 am
Gordon Messmer, Oct 22, 2007 12:48 pm
Sam Varshavchik, Oct 22, 2007 3:36 pm
Zenon Panoussis, Oct 23, 2007 12:27 am
Daniel, Oct 23, 2007 11:29 am
Subject: Re: [courier-users] Saturation DDoS
From: Zenon Panoussis (ora@provocation.net)
Date: Oct 23, 2007 12:27:37 am
List: net.sourceforge.lists.courier-users

Gordon Messmer wrote:

>> I'll risk earning myself an RTFM reply and ask: is there a way to configure tarpit=off?

> No, not without modifying the source code, but the resources each connection uses on your system are very minimal. Increase the number of connections that you allow.

I did so and was planning to report back the results, but "unfortunately" the garbage storm suddenly ceased, so I don't see any results.

Irrespective, I do think that tarpit=off should be configurable at runtime. In any situation where the mail load is approaching the (available or allocated) hardware resource limits, tarpitting becomes a burden on oneself and the admin should have a choice to turn it off.

Sam Varshavchik wrote:

> Begin by adding "-noidentlookup -nodnslookup" to TCPDOPTS in the esmtpd config file. Then, publish an SPF record for your domain. Finally, invest some time in meticulously compiling a list of most frequent backscatter source IPs, and blacklisting them.

The slowdown I was seeing was in a completely different class, with courier being completely unresponsive for several hours at a stretch, not just for the odd half-second that a DNS lookup can take or even the few seconds that identd takes to time out.

Anyway, I already had identd and DNS off. I use the Spamhaus RBL and those lookups do take some time, but that's also marginal in relation to what appears to be the accumulated effect of tarpitting.

As for SPF, I'd rather not talk about it. I was forced to remove my records in utter frustration some time ago because some people who should know better (most notably: nic.es) were bouncing everything with an SPF record in its DNS. Makes a really nice setting: either you remove SPF or you end up losing the domains that you're using SPF on. Duh.

Z
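Sam's last suggestion, compiling a list of the most frequent backscatter sources, can be done from the esmtpd logs. The following is an added example, not code from the thread or from the Courier project: it tallies null-sender (from=<>) bounces that were permanently rejected, per relay IP, so the top offenders can be reviewed before any blacklisting decision. The log lines are constructed and only approximate courieresmtpd's syslog format; the field names `started,ip=[...]` and `error,relay=...,from=<...>,to=<...>` are assumptions to adapt to your own logs.

```python
import re
from collections import Counter

# Constructed sample lines approximating courieresmtpd syslog output (not real data).
SAMPLE_LOG = """\
Oct 22 05:50:01 mx courieresmtpd: started,ip=[::ffff:192.0.2.10],port=[40213]
Oct 22 05:50:02 mx courieresmtpd: error,relay=::ffff:192.0.2.10,from=<>,to=<qx7@example.net>: 550 User <qx7@example.net> unknown
Oct 22 05:50:03 mx courieresmtpd: started,ip=[::ffff:192.0.2.10],port=[40214]
Oct 22 05:50:04 mx courieresmtpd: error,relay=::ffff:192.0.2.10,from=<>,to=<pz1@example.net>: 550 User <pz1@example.net> unknown
Oct 22 05:50:05 mx courieresmtpd: started,ip=[::ffff:198.51.100.7],port=[5123]
Oct 22 05:50:06 mx courieresmtpd: error,relay=::ffff:198.51.100.7,from=<>,to=<ab2@example.net>: 550 User <ab2@example.net> unknown
Oct 22 05:50:07 mx courieresmtpd: started,ip=[::ffff:203.0.113.3],port=[61000]
Oct 22 05:50:08 mx courieresmtpd: error,relay=::ffff:203.0.113.3,from=<alice@example.org>,to=<bob@example.net>: 550 Access denied
"""

# The ::ffff: prefix is the IPv4-mapped IPv6 form courier logs; strip it so counts merge.
STARTED = re.compile(r"courieresmtpd: started,ip=\[(?:::ffff:)?([^\]]+)\]")
ERROR = re.compile(
    r"courieresmtpd: error,relay=(?:::ffff:)?([^,]+),from=<([^>]*)>,to=<[^>]*>: (\d{3})"
)

def tally(log_text):
    """Return (connections per IP, permanently rejected null-sender bounces per IP)."""
    conns = Counter()
    backscatter = Counter()
    for line in log_text.splitlines():
        m = STARTED.search(line)
        if m:
            conns[m.group(1)] += 1
            continue
        m = ERROR.search(line)
        if m:
            ip, sender, code = m.groups()
            # Empty envelope sender plus a 5xx rejection: a bounce for mail we never sent,
            # i.e. backscatter aimed at a non-existent local address.
            if sender == "" and code.startswith("5"):
                backscatter[ip] += 1
    return conns, backscatter

def top_backscatter_sources(log_text, min_hits=2):
    """Rank IPs by backscatter count as (ip, bounces, connections), most frequent first."""
    conns, backscatter = tally(log_text)
    return [(ip, n, conns[ip]) for ip, n in backscatter.most_common() if n >= min_hits]

if __name__ == "__main__":
    for ip, bounces, connections in top_backscatter_sources(SAMPLE_LOG):
        print(f"{ip}: {bounces} backscatter bounces over {connections} connections")
```

Raising `min_hits` filters out one-off bounces that may be legitimate; the non-null sender rejected from 203.0.113.3 is deliberately not counted as backscatter.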