The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

New Kind of Mail Atack? My load goes to 300 tonight

Discussion in 'E-mail Discussions' started by IRCBrasil, Jan 21, 2006.

  1. IRCBrasil

    IRCBrasil Well-Known Member

    Joined:
    Jul 22, 2004
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    Hi,

    Tonight i had a surprise with my celphone receinving a notification from my server with high load, so, after 10 minutes i could ssh into then, stop all services and see the troble:

    Take a look in a litle part of my /var/log/exim_mainlong

    root@matrix [~]# cat /var/log/exim_mainlog |grep -c 201.40.9.66
    10512

    The only solution that i found was doing an apf -d 201.40.9.66

    I would know if there are some script to block this kind of atack automactily.

    I read about ratelimit on exim 4.60, there are someone using it yet?

    Sugestions will be very apreciated.

    Thank you,

    André Marcelo
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    In that situation, smtp_accept_max_per_host would probably help by only allowing X number of connections from any single IP address at a time. Couple that with a dictionary attack ACL should bring it under control:
    http://www.configserver.com/free/eximdeny.html
     
  3. IRCBrasil

    IRCBrasil Well-Known Member

    Joined:
    Jul 22, 2004
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    But in this case, if i set smtp_accept_max_per_host it will affect localhost too? for example a custumer sending a mail list will be afected ?

    Thanks.
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    I've not played with it, so don't know if it also affects localhost :eek:
     
Loading...

Share This Page