Sorry I know protection from email bombs has been talked about but..

[WebHostPro]

I was wondering what the best and easiest way to protect from mail bombs with the lowest load use. Easiest is important since we have hundreds of servers that we manage.

Paid services is fine for fine for this but low load use is essential.

I don't think apf or bfd does this right?

Thank you,

Charley

 

[richy]

Can you elaborate by what you mean by "email bombs"? Emails sent to multiple addresses at a domain name, emails sent to a single specific email address, attack on the SMTP server without emails actually being transmitted etc?

You may find Chirpy's MailScanner solution from http://www.configserver.com useful in some circumstances, but without knowing exactly the problem you are having, it's difficult to suggest something.

 

[WebHostPro]

I mean a dos type attack to the server but with tens of thousands of emails with attachments. The goal is to crash the server.

 

[chirpy]

Probably to play with the many commands you can use within exim to limit the number of incoming SMTP connections from a single source and the number of transactions allowed per SMTP connection. You could also offload to the queue if the load average goes above a given value. More over at www.exim.org. If it's all from a single IP or email address, then you can block either in your firewall or in an exim ACL. If it's simply a dictionary attack, then use a dictionary attack ACL. Finally, make sure you do not use the default alias.