Re: How might I prevent this?

On Wed, Apr 07, 2004 at 12:36:40AM -0400, Shaun T. Erickson wrote:
> Just saw this article posted on the spamassassin list about how to bring
> down a server with certan bounces:
>
> http://www.newscientist.com/news/news.jsp?id=ns99994858
>
> Is there anything I can do, in my postfix configuration, to prevent my
> system from being used to launch such an attack, or to survive being hit
> by one?
>
> -ste

Unless I totally misread what is here, this is just a bounce attack.
Neither new nor surprising.

If your postfix server is configured to reject invalid users during
SMTP, it cannot launch such an attack. If you accept and later
bounce invalid users, you can reduce the impact by setting a fairly
low bounce_size_limit, which defaults to a generous 50,000 bytes.

If you are a target, postfix performs well under load and is not
likely to crash, but the bandwidth used on your internet connection
could be a problem. In this particular situation, you could probably
reduce the impact by rejecting the target recipient name (the forged
sender of the original mail) during SMTP.
The anvil client rate control (postfix 2.1 feature) could prevent one
server from making thousands of deliveries in a short time frame.


--
Noel Jones