Right now we seem to be having an SMTP attack on one of our servers. We are getting connections from machines sending gibberish. After a short while the logs will show "dropped: too many syntax or protocol errors".
It appears to be mostly coming from eastern Europe and parts of Asia.
I have added ranges of IPs to cphulkd and have added the same ranges to "Blacklisted SMTP IP addresses" inside exim configuration, saved the config and it restarted EXIM, but I am still seeing the same IPs or IPs in those ranges attempting to send garbage to the server.
For example, a range will be "1.0.0.0/8",
but we are still seeing the same "dropped" messages on, say, an IP like 1.170.4.3, which I think should really just be a quick 550 and a drop?
What am I doing wrong or what am I missing? The server load is not too bad but they are using up all the SMTP connections and nobody can connect or it takes many retries until they can.
Is there something else I can do to stop this attack on the SMTP port?
I am running CENTOS 6.3 x86_64 standard – WHM 11.40.1 (build 8)
Thank you.
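
A way to check the symptom described in the post, as an added example that is not part of the original post: it counts "dropped: too many syntax or protocol errors" events per source logged after the config change and separates sources that fall inside a listed range from those that do not. The log lines are constructed samples, and their layout, `RESTART_TIME` and the function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines (not real log data); the layout is an assumption.
SAMPLE_LOG = """\
2013-12-02 09:58:40 SMTP call from [1.170.4.3]:40112 dropped: too many syntax or protocol errors (last command was "asdf")
2013-12-02 10:05:12 SMTP call from [1.170.4.3]:40188 dropped: too many syntax or protocol errors (last command was "qwer")
2013-12-02 10:05:30 SMTP call from mail.example.net [203.0.113.9]:2201 dropped: too many syntax or protocol errors (last command was "zxcv")
2013-12-02 10:06:02 SMTP call from [1.170.4.3]:40250 dropped: too many syntax or protocol errors (last command was "hjkl")
2013-12-02 10:06:10 SMTP connection from [198.51.100.7]:5000 lost
"""
BLOCKED_RANGES = ["1.0.0.0/8"]         # the range quoted in the post
RESTART_TIME = "2013-12-02 10:00:00"   # hypothetical time the new config went live

DROP_RE = re.compile(
    r"SMTP call from [^\[]*\[([^\]]+)\](?::\d+)? "
    r"dropped: too many syntax or protocol errors"
)

def dropped_sources(log_text, since):
    """Count 'dropped' events per source IP logged at or after `since`."""
    counts = Counter()
    for line in log_text.splitlines():
        # "YYYY-MM-DD HH:MM:SS" timestamps sort correctly as plain strings.
        if line[:19] < since:
            continue
        match = DROP_RE.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts

def split_by_blocklist(counts, ranges):
    """Separate sources that a listed range should cover from those it does not."""
    nets = [ipaddress.ip_network(r) for r in ranges]
    listed, unlisted = {}, {}
    for ip, hits in counts.items():
        addr = ipaddress.ip_address(ip)
        covered = any(addr.version == n.version and addr in n for n in nets)
        (listed if covered else unlisted)[ip] = hits
    return listed, unlisted

if __name__ == "__main__":
    listed, unlisted = split_by_blocklist(
        dropped_sources(SAMPLE_LOG, RESTART_TIME), BLOCKED_RANGES)
    print("still reaching SMTP despite a listed range:", listed)
    print("not covered by any listed range:", unlisted)
```

Any address in the first group got far enough into the SMTP dialogue to send commands after the change, so the listed range is not being applied to it at connect time.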