Re: [courier-users] Same problem with courier-mta as with exim [FW by XXXX@XXXXX.XXX : Re: Dictionary spamming ?] - Jeff Jansen - net.sourceforge.lists.courier-users

9 messages in net.sourceforge.lists.courier-usersRe: [courier-users] Same problem with...

From	Sent On	Attachments
Michelle Konzack	Sep 28, 2007 2:46 am
Sam Varshavchik	Sep 28, 2007 4:05 am
João Vale	Sep 28, 2007 4:23 am
Michelle Konzack	Sep 28, 2007 5:54 am
Jeff Jansen	Sep 28, 2007 7:09 am
Michelle Konzack	Sep 28, 2007 7:49 am
Jeff Jansen	Sep 28, 2007 8:33 am
Gordon Messmer	Sep 28, 2007 11:19 am
Tim Lyth	Sep 28, 2007 7:17 pm

	Permalink for this message Paste this link in email or IM:
	Permalink for this thread Paste this link in email or IM:
	Atom feed for this thread Paste this URL into your reader:

Subject:	Re: [courier-users] Same problem with courier-mta as with exim [FW by XXXX@XXXXX.XXX : Re: Dictionary spamming ?]	Actions...
From:	Jeff Jansen (tech...@sil.org)
Date:	Sep 28, 2007 7:09:38 am
List:	net.sourceforge.lists.courier-users

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Michelle Konzack wrote:

In theorie... -- but they hit me periodicaly with over 200 per second.

You're seeing 200 hits a second! From the same ip addresses or different ones all the time?

Since no single ip address should be hitting your server that often, you could rate limit incoming connections to your port 25 with iptables:

iptables -A INPUT -p tcp --dport 25 -m state --state NEW \ -m recent --set iptables -A INPUT -p tcp --dport 25 -m state --state NEW \ -m recent --update --seconds 60 --hitcount 10 -j DROP

If it sees more than '--hitcount' new connections in '--seconds' number of seconds, it will start dropping connections, until there are less than '--hitcount' new connections in '--seconds' number of seconds.

This doesn't know whether connections are authenticated or not, obviously. It just keeps track of how often new connections come in from individual ip addresses and drops any that are over the limit.

HTH Bonne chance!

iD8DBQFG/Qs5GfIHDMaiC9cRAtoPAJ0bQECDPK0z2+2u+H8FCsKiRkxp7ACfeDqG GQSGriM6ecaoiKSJWAsZHs8= =IsY9 -----END PGP SIGNATURE-----

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets
	Permalink to these results Paste this link in email or IM:
	Atom feed for tracking future search results Paste this URL into your reader: