radical (Well-Known Member, joined Nov 4, 2003):
Hello,

After a recent install of APF/BFD and APF's antidos, I have noticed that a lot of IPs of many popular ISPs out here get listed in ad.rules, due to which the majority of my customers, who are dial-up and broadband customers of these ISPs, are not able to connect to their mailboxes or open their websites on my server. I want to stop the antidos to prevent this, and since my DC anyway has a pretty good anti-DDoS firewall, maybe I can skip antidos.

Thanks,
Sunny

nickb (Well-Known Member, joined Feb 25, 2005, India):
Edit your conf.apf and set USE_AD="0".
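As an added example (not nickb's instructions or APF's own code), a small POSIX sh helper that makes that edit with a backup and reads the value back, so a typo in the key name fails loudly instead of silently leaving antidos enabled. The path /etc/apf/conf.apf and the KEY="value" line layout are assumptions about the installed APF layout; USE_AD is the option nickb names.

```shell
#!/bin/sh
# Added example, not from the thread: flip an option in APF's conf.apf safely.
# Assumes APF's KEY="value" line format and the usual /etc/apf/conf.apf location.

# Print the current value of KEY="value" (empty if the key is absent).
apf_get_option() {
    conf=$1; key=$2
    sed -nE "s/^${key}=\"?([^\"]*)\"?[[:space:]]*$/\1/p" "$conf" | head -n 1
}

# Rewrite KEY="..." to KEY="value" after taking a timestamped backup.
# Fails (return 1) when the key is missing, so a mistyped key cannot be a no-op.
# The result is copied back over the original so its mode and owner are kept.
apf_set_option() {
    conf=$1; key=$2; value=$3
    grep -qE "^${key}=" "$conf" || { echo "$key not found in $conf" >&2; return 1; }
    cp -p "$conf" "$conf.bak.$(date +%Y%m%d%H%M%S)"
    sed -E "s/^(${key})=.*/\1=\"${value}\"/" "$conf" > "$conf.tmp" \
        && cat "$conf.tmp" > "$conf" && rm -f "$conf.tmp"
}

# Usage: sh disable_antidos.sh /etc/apf/conf.apf
# Only acts when an existing conf file is given, so sourcing the functions is side-effect free.
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    conf=$1
    echo "USE_AD before: $(apf_get_option "$conf" USE_AD)"
    apf_set_option "$conf" USE_AD 0
    echo "USE_AD after:  $(apf_get_option "$conf" USE_AD)"
    echo "Restart APF (apf -r) so the running firewall reads the new conf.apf."
fi
```

Verify with `apf_get_option /etc/apf/conf.apf USE_AD` before and after, then restart APF (`apf -r`) so the change is picked up. If the third-party install scheduled antidos as its own cron job rather than through APF, that entry would need removing too; where it lives (/etc/cron.d or root's crontab) is an assumption to check on the box.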

radical (Well-Known Member, joined Nov 4, 2003):
Thanks. Do I need to restart APF or any other service to stop the antidos cron from starting?

lloyd_tennison (Well-Known Member, joined Mar 12, 2004):
I would check, because you have another problem: the majority of users are dial-up or broadband (is there any other type of connection for an individual?). Your setup is corrupt in some other way.

Exactly what is causing the IP to be listed? The log will tell: /var/log/apfados_log

radical (Well-Known Member, joined Nov 4, 2003):
As of today, the majority of the IPs blocked show this...

Jul 13 04:09:32 server antidos(27604):XX.XX.XXX.XX -> My server IP (DROPPED)
Jul 13 00:23:22 server antidos(1069):

Yesterday's logs show as antidos(31519).

If I just disable the antidos, would I still be having a problem...

Sunny
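An added example (not part of the thread, not APF's code) for lloyd_tennison's point that the log tells you what is being listed: a POSIX sh script that summarises /var/log/apfados_log drops per source IP and per /24, using the line layout radical pasted above. A handful of addresses spread across one /24 usually means a customer ISP's pool rather than a single attacker, which is the case the thread is about. The log lines and allow-list entries below are constructed with RFC 5737 documentation addresses, and the allow_hosts.rules one-entry-per-line format is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread: summarise which sources antidos is dropping.
# Line layout follows the page's sample:
#   Jul 13 04:09:32 server antidos(27604):XX.XX.XXX.XX -> My server IP (DROPPED)
# Addresses below are constructed (RFC 5737 ranges), not real log data.

# Print the source IPv4 of every DROPPED line; tolerates a space after the colon.
antidos_sources() {
    sed -nE 's/^.*antidos\([0-9]+\): *([0-9]{1,3}(\.[0-9]{1,3}){3}) -> .*\(DROPPED\).*$/\1/p' "$1"
}

# Drops per source IP, most frequent first, as "count ip".
top_blocked_ips() {
    antidos_sources "$1" | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Drops per /24, most frequent first, as "count net/24".
top_blocked_nets() {
    antidos_sources "$1" | awk -F. '{print $1"."$2"."$3".0/24"}' \
        | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Is this IP already an exact entry in APF's allow_hosts.rules?
# Only whole-line IP matches are handled; CIDR entries would need a prefix check.
is_allowed() {
    grep -qxF "$1" "$2"
}

# Constructed sample log standing in for /var/log/apfados_log.
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
Jul 13 04:09:32 server antidos(27604):203.0.113.45 -> 198.51.100.10 (DROPPED)
Jul 13 04:10:01 server antidos(27604):203.0.113.46 -> 198.51.100.10 (DROPPED)
Jul 13 04:11:17 server antidos(27604): 203.0.113.99 -> 198.51.100.10 (DROPPED)
Jul 13 04:12:40 server antidos(27610):192.0.2.7 -> 198.51.100.10 (DROPPED)
Jul 13 04:12:41 server antidos(27610):192.0.2.7 -> 198.51.100.10 (DROPPED)
Jul 13 00:23:22 server antidos(1069):
EOF

# Constructed sample allow list standing in for /etc/apf/allow_hosts.rules.
sample_allow=$(mktemp)
printf '198.51.100.10\n192.0.2.7\n' > "$sample_allow"

echo "== drops per /24 =="; top_blocked_nets "$sample_log"
echo "== drops per IP =="; top_blocked_ips "$sample_log"
```

Run it against the real files by replacing the two mktemp samples with /var/log/apfados_log and /etc/apf/allow_hosts.rules. If the top /24s are your customers' ISPs, that confirms antidos is listing legitimate client pools, and the per-IP counts show whether one source or a whole block is tripping it.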

lloyd_tennison (Well-Known Member, joined Mar 12, 2004):
I am going to suggest you check your Exim log. I am getting flooding of people saying they are my IP and trying to hack/relay in. I get about 1100 a day by IP and a couple of thousand more by domain-name spoofing. If you see a bunch that are rejected because of them using your IP, I would suggest you add the Exim ACL that blocks fake HELO and EHLO. Those fakes may be triggering the antidos. Also, do you have your own IP in the allow_hosts.rules file?

A good ACL is here:

http://www.rvskin.com/index.php?page=public/antispam#4.3

radical (Well-Known Member, joined Nov 4, 2003):
I am sort of a newbie in Linux; the APF and other installs were done by a third party. What exactly do I have to look for in the Exim log? And for the ACL to be configured, should I have my server IP/hostname/domain name in place of the existing

!hosts = @[]
!hosts = +rv_relay_hosts
!authenticated = *

Regarding your other question, no, I do not have my server IP in the allow_hosts.rules file.

I have Chirpy's MailScanner and dictionary-attack protection ACL enabled; will this conflict with the above ACL to be configured?

Thanks,
Sunny
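An added example, not from either poster and not the rvskin ACL, addressing both lloyd_tennison's description of clients that claim to be his IP and radical's question of what to look for in the Exim log: a POSIX sh script that pulls the HELO name Exim records for each connection and counts, per source IP, the ones that claim to be this server. It assumes Exim's mainlog shows the peer as "H=hostname (helo_name) [ip]" or "H=(helo_name) [ip]" when the claimed name differs from the reverse-DNS name; MY_IP and MY_HOST are placeholders, and the log lines are constructed with RFC 5737 addresses.

```shell
#!/bin/sh
# Added example, not from the thread: count SMTP clients whose HELO/EHLO claims to be us.
# Assumption: Exim mainlog writes the peer as "H=hostname (helo) [ip]" or "H=(helo) [ip]".
# Sample lines below are constructed with RFC 5737 addresses, not real traffic.

MY_IP=${MY_IP:-198.51.100.10}            # placeholder: this server's public IP
MY_HOST=${MY_HOST:-server.example.com}   # placeholder: this server's hostname

# Print "source_ip helo_name" for every line whose HELO names our IP or hostname.
fake_helo_lines() {
    sed -nE 's/^.* H=[^(]*\(([^)]*)\) \[([0-9.]+)\].*$/\2 \1/p' "$1" |
    awk -v ip="$MY_IP" -v host="$MY_HOST" '
        { h = $2; sub(/^\[/, "", h); sub(/\]$/, "", h) }   # HELO may be given as [ip]
        h == ip || h == host { print $1, $2 }'
}

# Source IPs ranked by how often they claimed to be us, as "count ip".
fake_helo_sources() {
    fake_helo_lines "$1" | awk '{print $1}' | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Constructed sample standing in for /var/log/exim_mainlog.
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
2005-07-13 04:09:31 H=(198.51.100.10) [203.0.113.45] F=<x@example.net> rejected RCPT <a@example.org>: relay not permitted
2005-07-13 04:09:32 H=([198.51.100.10]) [203.0.113.45] F=<y@example.net> rejected RCPT <b@example.org>: relay not permitted
2005-07-13 04:09:40 H=(server.example.com) [192.0.2.7] F=<z@example.net> rejected RCPT <c@example.org>: relay not permitted
2005-07-13 04:10:02 H=mail.isp.example (mail.isp.example) [192.0.2.100] F=<ok@isp.example> rejected RCPT <d@example.org>: relay not permitted
2005-07-13 04:10:15 1DsXyz-0001aB-Cd <= user@example.org H=customer.isp.example [192.0.2.101] P=esmtpa A=login:user S=1234
EOF

echo "== sources claiming to be $MY_IP / $MY_HOST =="; fake_helo_sources "$sample_log"
```

Point it at the real log with `MY_IP=... MY_HOST=... sh fake_helo.sh` after swapping the sample for /var/log/exim_mainlog. A non-empty result is the sign lloyd_tennison describes; seeing whether those same source IPs appear in apfados_log is the quickest way to tell if the forged HELOs, rather than your own customers, are what antidos is reacting to.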