The Community Forums

Interact with an entire community of cPanel & WHM users!

Sorry I know protection from email bombs has been talked about but..

Discussion in 'E-mail Discussions' started by DWHS.net, Mar 14, 2006.

  1. DWHS.net

    I was wondering what the best and easiest way to protect from mail bombs with the lowest load use is. Easiest is important since we have hundreds of servers that we manage.

    Paid services are fine for this, but low load use is essential.

    I don't think apf or bfd does this, right?

    Thank you,

    Charley
     
  2. richy

    Can you elaborate on what you mean by "email bombs"? Emails sent to multiple addresses at a domain name, emails sent to a single specific email address, attack on the SMTP server without emails actually being transmitted, etc.?

    You may find Chirpy's MailScanner solution from http://www.configserver.com useful in some circumstances, but without knowing exactly the problem you are having, it's difficult to suggest something.
     
  3. DWHS.net

    I mean a DoS-type attack on the server, but with tens of thousands of emails with attachments. The goal is to crash the server.
     
  4. chirpy

    Probably to play with the many commands you can use within exim to limit the number of incoming SMTP connections from a single source and the number of transactions allowed per SMTP connection. You could also offload to the queue if the load average goes above a given value. More over at www.exim.org. If it's all from a single IP or email address, then you can block either in your firewall or in an exim ACL. If it's simply a dictionary attack, then use a dictionary attack ACL. Finally, make sure you do not use the default alias.
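
Added example, not part of the reply above and not cPanel's shipped configuration: an Exim configuration fragment with the options that implement the limits the reply describes. Every numeric value and the ACL name `acl_check_connect` are assumptions to tune per server, `192.0.2.10` is a placeholder address, and the `ratelimit` condition needs an Exim version that supports it.

```exim
# ---- Main configuration section (before "begin acl") ----

# Cap simultaneous incoming SMTP connections, in total and per source host.
smtp_accept_max = 100
smtp_accept_max_per_host = 5

# Cap messages accepted over one SMTP connection; after the first 10 in a
# connection, further messages are queued instead of delivered immediately.
smtp_accept_max_per_connection = 50
smtp_accept_queue_per_connection = 10

# Load-average guards: above 8 incoming mail is queued rather than delivered,
# above 6 queue runners stop starting deliveries, and above 12 new SMTP
# connections are accepted only from hosts listed in smtp_reserve_hosts.
queue_only_load = 8
deliver_queue_load_max = 6
smtp_load_reserve = 12
smtp_reserve_hosts = 127.0.0.1

# Reject oversized messages outright (the flood described relies on attachments).
message_size_limit = 20M

# Run the ACL below when a client connects.
acl_smtp_connect = acl_check_connect

# ---- ACL section ----
begin acl

acl_check_connect:
  # Manual block for a known flooding source (placeholder address).
  deny    hosts   = 192.0.2.10
          message = Connection refused

  # Temporary rejection for any host opening more than 30 connections in
  # 10 minutes. The key defaults to the sending host's IP address; "strict"
  # keeps counting while the host is over the limit.
  defer   ratelimit = 30 / 10m / per_conn / strict
          message   = Too many connections from $sender_host_address
          log_message = connection rate $sender_rate/$sender_rate_period

  accept
```

The `smtp_accept_*` limits are enforced by the listening Exim daemon, so they do not apply when Exim is started per connection from inetd.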
     