Re: ddos

  • Robert Schetterer
    Message 1 of 13 , Nov 30, 2007
      Patrick T. Tsang schrieb:
      > Hello,
      >
      > Of course you can whitelist IPs, but how many can you make?
      > My working approach is to apply iptables to limit incoming port 25
      > connections to a certain number within a couple of minutes and suspend the
      > connection if it exceeds that. Release these IPs after a couple of minutes (say
      > 5 mins).
      > This works very well.
      > There is no way to block IPs permanently.
      >
      > Regards
      > Patrick
      >
      >
      >
      >
      > ----- Original Message ----- From: "Terry Carmen" <terry@...>
      > To: "Rob Morin" <rob@...>
      > Cc: "Wietse Venema" <wietse@...>; <jeff@...>;
      > <postfix-users@...>
      > Sent: Saturday, December 01, 2007 4:13 AM
      > Subject: Re: ddos
      >
      >
      >> Rob Morin wrote:
      >>> Do you not use a relay_recipients table, so the mail gets refused
      >>> at the greeting? This is very easy to set up and will help reduce
      >>> server loads...
      >>>
      >> It's one of the first couple of matches on the list. (the first is a
      >> whitelist, the second is CIDRs of countries we don't talk to).
      >>
      >> If it's a Dynamic IP or has no reverse DNS, we don't talk to them.
      >>
      >> So far, we've only had to whitelist maybe 2 IPs. Works like a charm.
      >>
      >> Terry
      >>
      >>
      >>
      >>
      >
      Hi @ll,
      as I am bombed with SMTP connections too, from big botnets,
      for years I haven't found an all-around solution to reduce that.
      For me it's not a question of how and why to reject them with Postfix (this
      works nicely for me); I am simply
      bored of these trilliards of log entries produced by bots.
      I recommend following the tips of the Postfix UCE readme first, as well as
      the tips from this list; this should help reduce the spam getting through
      and keep performance up for legal mail.

      But in my case this wasn't enough to stop the bots.
      I noticed that simply having a non-working MX as the first and the last DNS
      entry worked for months to reduce bot activity, but this was gone a week
      ago; now I use fail2ban and additional static blocks with iptables
      (IPs/nets taken from the logs and controlled by senderbase.org, which
      produces blacklists for Postfix in an HTTP GUI);
      especially on my backup MX, I use a 24h block time with fail2ban.

      It helped in my case, but be warned: look at your logs; this will show
      you what might be the best rules in your case.

      After all, I never had a real problem handling the mail traffic with
      Postfix anyway; big thanks to Wietse.
      I am looking forward to the 2.5 release and will set up the stress setup then,
      as well as other new features.

      --
      Best Regards

      MfG Robert Schetterer

      Germany/Munich/Bavaria
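
An added example, not part of the original message and not code from Postfix or fail2ban: a sliding-window count over Postfix smtpd "connect from" lines, for trying the "number of connections within a few minutes" thresholds discussed in this thread against your own logs before setting iptables or fail2ban limits. The sample log, the host name `mx`, the IPs and the default thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches Postfix smtpd "connect from host[ip]" syslog lines.
CONNECT_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"connect from \S*\[([0-9a-fA-F.:]+)\]")

def _line(hms, ip):
    return f"Nov 30 {hms} mx postfix/smtpd[2101]: connect from unknown[{ip}]"

# Constructed sample log (documentation-range IPs, hypothetical host "mx").
SAMPLE_LOG = "\n".join(sorted(
    [_line(f"10:00:{s:02d}", "192.0.2.10") for s in (1, 9, 20, 31, 45)]    # bot-like burst
    + [_line(f"10:{m:02d}:00", "198.51.100.7") for m in (0, 7, 14, 21)]   # slow, steady sender
    + [_line(f"10:01:{s:02d}", "203.0.113.5") for s in (2, 4, 6, 8)]      # burst from a known relay
    + ["Nov 30 10:00:46 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from "
       "unknown[192.0.2.10]: 554 5.7.1 Client host rejected"]              # not a connect line
))

def ban_candidates(log_text, max_conn=3, window_s=300, whitelist=(), year=2007):
    """Return {ip: time it first exceeded max_conn connects within window_s}."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # ip -> connect times still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = CONNECT_RE.match(line)
        if not m:
            continue
        stamp, ip = m.groups()
        if ip in whitelist:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) > max_conn and ip not in flagged:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    for ip, when in ban_candidates(SAMPLE_LOG, whitelist={"203.0.113.5"}).items():
        print(f"{ip} exceeded the limit at {when:%H:%M:%S}")
```

Running it with a longer window (for example `window_s=1800`) also flags the slow sender, which is the kind of side effect worth checking in your own logs before choosing a block time.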