Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

New Kind of Mail Atack? My load goes to 300 tonight

Discussion in 'E-mail Discussion' started by IRCBrasil, Jan 21, 2006.

  1. IRCBrasil

    IRCBrasil Well-Known Member

    Joined:
    Jul 22, 2004
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    156
    Hi,

    Tonight i had a surprise with my celphone receinving a notification from my server with high load, so, after 10 minutes i could ssh into then, stop all services and see the troble:

    Take a look in a litle part of my /var/log/exim_mainlong

    root@matrix [~]# cat /var/log/exim_mainlog |grep -c 201.40.9.66
    10512

    The only solution that i found was doing an apf -d 201.40.9.66

    I would know if there are some script to block this kind of atack automactily.

    I read about ratelimit on exim 4.60, there are someone using it yet?

    Sugestions will be very apreciated.

    Thank you,

    André Marcelo
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    In that situation, smtp_accept_max_per_host would probably help by only allowing X number of connections from any single IP address at a time. Couple that with a dictionary attack ACL should bring it under control:
    http://www.configserver.com/free/eximdeny.html
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. IRCBrasil

    IRCBrasil Well-Known Member

    Joined:
    Jul 22, 2004
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    156
    But in this case, if i set smtp_accept_max_per_host it will affect localhost too? for example a custumer sending a mail list will be afected ?

    Thanks.
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    I've not played with it, so don't know if it also affects localhost :eek:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice