Re: [courier-users] Same problem with courier-mta as with exim [FW

--===============1085219195==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="WOTjKnJ88wpJKlWH"
Content-Disposition: inline


--WOTjKnJ88wpJKlWH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Am 2007-09-28 22:10:01, schrieb Jeff Jansen:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>=20
> Michelle Konzack wrote:
> > In theorie... -- but they hit me periodicaly with over 200 per second.
>=20
> You're seeing 200 hits a second! From the same ip addresses or
> different ones all the time?

Today morning I was hit at ~08:00 CET arround 17 minutes from
86 different IP's and each IP had 30-80 hits per second.=20

Which make in summary over 4.100.000 hits.

My logfiles explode!!! 8 GByte in less then 17 minutes.

200 per second was the highest score for ON IP.

The question is, WHICH server is this? A hijacked/owned PC
on a ADSL or cable modem can not produce such traffic.

I have only a Dual STM-1 (311 MBit) but the Server is a Sun BLade
with 32 CPU's and 128 GByte of memory

> Since no single ip address should be hitting your server that often, you
> could rate limit incoming connections to your port 25 with iptables:
>=20
> iptables -A INPUT -p tcp --dport 25 -m state --state NEW \
> -m recent --set
> iptables -A INPUT -p tcp --dport 25 -m state --state NEW \
> -m recent --update --seconds 60 --hitcount 10 -j DROP
>=20
> If it sees more than '--hitcount' new connections in '--seconds' number
> of seconds, it will start dropping connections, until there are less
> than '--hitcount' new connections in '--seconds' number of seconds.
>=20
> This doesn't know whether connections are authenticated or not,
> obviously. It just keeps track of how often new connections come in
> from individual ip addresses and drops any that are over the limit.

And this is my problem.

Now imagine the server support 17000 users and the switch
on there computers between 08:00 and 09:00...

iptables dos unfortunatly not work for such scenario.


Thanks, Greetings and nice Day
Michelle Konzack
Systemadministrator
Tamay Dogan Network
Debian GNU/Linux Consultant


--=20
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack Apt. 917 ICQ #328449886
50, rue de Soultz MSN LinuxMichi
0033/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)

--WOTjKnJ88wpJKlWH
Content-Type: application/pgp-signature; name="signature.pgp"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFG/RSMC0FPBMSS+BIRAqhZAKCdFk3dhab7HChRJmXNHgzNVfKGCQC fZ6/I
D3Ob5De8DUrKPR4E2axSb+I=
=lufC
-----END PGP SIGNATURE-----

--WOTjKnJ88wpJKlWH--


--===============1085219195==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
--===============1085219195==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/.../courier-users

--===============1085219195==--