Re: Spam and simultaneous connections

From: Steven Kurylo <sk_at_no.spam.please>
Date: Fri Oct 05 2007 - 11:59:12 CST

> I use Postfix's anvil to limit per-client connections and also enforce
> rates of sending. If someone tries to connect and doesn't (for example)
> wait until my system sends its banner, that's considered an error (fully
> compliant SMTP MTAs pause, per RFC, until the banner; spam bots just
> blast an EHLO out and then fire RCPTs). RCPTs to non-addresses on the
> system are considered an error, and a couple causes a connection to be
> booted (which frees up resources).

Well, yesterday I peaked at 400 simultaneous connections; today with
the PBL block in the MTA, a 24-hour iptables blacklist if someone on the
PBL tries again or issues 5 invalid RCPTs (over 2000 listed in 24
hours), I'm down to 150 connections.

Hopefully now I'll stop getting paged.
Received on Fri Oct 5 11:59:18 2007
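
An added example, not code from the original post: one way to derive the "5 invalid RCPTs, blacklist for 24 hours" list from Postfix smtpd log lines. The log lines are constructed, the function names are hypothetical, and the PBL-retry half of the rule is not covered.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Postfix smtpd line for a RCPT rejected with 550 5.1.1 (unknown recipient).
REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from \S*\[(?P<ip>[0-9.]+)\]: 550 5\.1\.1 ")

def blacklist(lines, now, threshold=5, ttl=timedelta(hours=24)):
    """Return {client_ip: expiry} for clients with at least `threshold`
    invalid RCPTs inside the `ttl` window that ends at `now`."""
    hits = defaultdict(list)
    for line in lines:
        m = REJECT.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; assume the year of `now`.
        ts = datetime.strptime(f"{now.year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if timedelta(0) <= now - ts <= ttl:
            hits[m["ip"]].append(ts)
    # The block runs for `ttl` from the hit that crossed the threshold.
    return {ip: sorted(t)[threshold - 1] + ttl
            for ip, t in hits.items() if len(t) >= threshold}

def iptables_rules(blocked):
    """Render DROP rules for port 25; re-validate each address so that
    nothing taken from a log line reaches a shell unchecked."""
    return [f"iptables -I INPUT -s {ipaddress.IPv4Address(ip)} "
            "-p tcp --dport 25 -j DROP" for ip in sorted(blocked)]

def _reject(ts, ip, n):  # builds one constructed sample line
    return (f"{ts} mx1 postfix/smtpd[811]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 550 5.1.1 <u{n}@example.org>: Recipient address "
            "rejected: User unknown in local recipient table; "
            f"from=<x@example.net> to=<u{n}@example.org> proto=ESMTP helo=<pc>")

# Constructed sample log: five rejects from one client, two from another,
# one reject older than 24 hours, and one unrelated line.
SAMPLE = ([_reject(f"Oct  5 10:00:0{i}", "192.0.2.10", i) for i in range(1, 6)]
          + [_reject("Oct  5 11:30:00", "198.51.100.7", i) for i in range(2)]
          + [_reject("Oct  3 09:00:00", "203.0.113.5", 0),
             "Oct  5 10:00:00 mx1 postfix/smtpd[811]: connect from unknown[192.0.2.10]"])

if __name__ == "__main__":
    blocked = blacklist(SAMPLE, now=datetime(2007, 10, 5, 12, 0, 0))
    print("\n".join(iptables_rules(blocked)))
```

Expiry is returned with each address so that a scheduled job can remove the rule once the 24 hours have passed.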
