From: dirk.meyer@dinoex.sub.org (Dirk Meyer)
To: freebsd-isp@FreeBSD.ORG, vishal@southernonline.net (Vishal Gandhi Kommineni)
Subject: Re: Sendmail ignoring hosts.allow
Date: Sat, 11 Jan 2003 15:09:30 +0100
Organization: privat
References: <3E1AA183.1060604@saudi.net.sa>

Rayed Al-Rashed wrote:

> Our mail server was under DOS attack, and I was trying to stop the new
> connections using /etc/hosts.allow but I couldn't do it.
> The entry in /etc/hosts.allow:
> sendmail : xx.xx.xx.xx : DENY
> and I even tried:
> ALL : ALL : DENY
> but still doesn't work, I installed sendmail from the port, and I also
> checked tcpwrapper support:

I checked myself and /etc/hosts.allow is checked after the
connection has been established:

$ telnet test 25
Connected to test.
Escape character is '^]'.
220 xxxxxxxxxxxxxxxxxx ESMTP Sendmail 8.12.6/8.12.5; Sat, 11 Jan 2003 13:29:01 +0100 (CET)
EHLO fqdn.com
550 5.0.0 Access denied
QUIT
221 2.0.0 xxxxxxxxxxxxxxxxxx closing connection
Connection closed by foreign host.

Connect from a denied IP in /etc/hosts.allow
and see if you get "550 5.0.0 Access denied" too.

It does not keep sendmail from forking,
but forking is relatively cheap on FreeBSD.

You might like to configure some limits with:

confCONNECTION_RATE_THROTTLE  ConnectionRateThrottle
        [undefined] The maximum number of connections permitted per
        second per daemon. After this many connections are accepted,
        further connections will be delayed. If not set or <= 0,
        there is no limit.

confREFUSE_LA  RefuseLA
        [varies] Load average at which incoming SMTP connections are
        refused. Default values is (12 * numproc) where numproc is
        the number of processors online (if that can be determined).

confDELAY_LA  DelayLA
        [0] Load average at which sendmail will sleep for one second
        on most SMTP commands and before accepting connections.
        0 means no limit.

kind regards Dirk

- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
- [dirk.meyer@dinoex.sub.org],[dirk.meyer@guug.de],[dinoex@FreeBSD.org]
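
Added example, not part of the original message: a small audit that reports which of the three limits named above are actually in effect in a sendmail.cf. It assumes the options are written in the long `O Name=value` form that the m4 build generates, with unset options left commented out as `#O ...`; the sample configuration and the function names are constructed for illustration.

```python
import re

# The three options named in the message (sendmail.cf spelling).
LIMITS = ("ConnectionRateThrottle", "RefuseLA", "DelayLA")

# Active long-form option line: "O Name=value" starting in column 0.
# A leading "#" makes the line a comment, so "#O RefuseLA=12" is not in effect.
OPTION_RE = re.compile(r"^O\s+([A-Za-z]+)\s*=\s*(\S+)")

# Constructed sample input, not taken from a real server.
SAMPLE_CF = """\
# maximum number of new connections per second
O ConnectionRateThrottle=5
# load average at which we refuse connections
#O RefuseLA=12
# load average at which we delay connections; 0 means no limit
O DelayLA=0
"""

def parse_limits(cf_text):
    """Return {option: int or None} for the options in LIMITS."""
    found = {name: None for name in LIMITS}
    for line in cf_text.splitlines():
        m = OPTION_RE.match(line)
        if m and m.group(1) in found:
            try:
                found[m.group(1)] = int(m.group(2))
            except ValueError:
                found[m.group(1)] = None  # non-numeric value: treat as unset
    return found

def audit(cf_text):
    """List the limits that are not restricting anything, per the quoted docs."""
    v = parse_limits(cf_text)
    findings = []
    rate = v["ConnectionRateThrottle"]
    if rate is None or rate <= 0:
        findings.append("ConnectionRateThrottle: no limit on connections per second")
    if v["RefuseLA"] is None:
        findings.append("RefuseLA: not set, built-in default (12 * numproc) applies")
    if not v["DelayLA"]:
        findings.append("DelayLA: 0 or unset, no load-based delay")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CF):
        print(finding)
```
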