From owner-freebsd-isp Mon Dec 14 12:18:03 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id MAA06010
        for freebsd-isp-outgoing; Mon, 14 Dec 1998 12:18:03 -0800 (PST)
        (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from mail5.realtime.net (mail5.realtime.net [205.238.128.241])
        by hub.freebsd.org (8.8.8/8.8.8) with SMTP id MAA05969
        for ; Mon, 14 Dec 1998 12:17:58 -0800 (PST)
        (envelope-from gee2@realtime.net)
Received: from pit ([205.238.164.35]) by mail5.realtime.net ; Mon, 14 Dec 1998 14:17:59 -600
Message-ID: <36757294.4116@realtime.net>
Date: Mon, 14 Dec 1998 14:18:28 -0600
From: George Wenzel
Reply-To: gee2@realtime.net
Organization: Real/Time Communications
X-Mailer: Mozilla 3.01C-KIT (Win95; U)
MIME-Version: 1.0
To: Alan Batie
CC: freebsd-isp@FreeBSD.ORG
Subject: Re: sendmail morons
References: <19981213000812.44548@rdrop.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Alan Batie wrote:
>
> On Sun, Dec 13, 1998 at 06:43:50PM +1100, Rowan Crowe wrote:
> > Also, adding in IPs requires periodic review of the database by a human.
>
> Since the offending address changes every time (at least in my case),
> what I want is a limit on the number of simultaneous connections from
> the same domain. These things fill up memory until the whole system
> is paging. Until then, I'm going to have to script something to implement
> such a restriction.
>

I put up a new mail firewall (www.mailshield.com) and saw something very troubling in my logs as they flew by in real-time.

I was seeing a pattern where I would reject a message from a specific IP (a UUNET or PSI dialup IP address for example). Then the SAME rejection pattern would occur again 1/4th of a second later on another IP address (another dialup IP, this time from a different ISP). THEN another and another...
Over a 2 second period the same message would attempt to get delivered 8 different times by 8 dialup IP addresses on 8 different ISPs. Then 20 minutes later the pattern would come again, from a NEW set of 8 IP addresses.

Now these are some serious spam-bots running. They hammer /hard/ when they hammer. This year I went from a level of comfort to 24/7 overload, over a three week period starting in mid November. The holiday season is bringing out a new crop of spammers, only now they are better armed.

I replaced my mail server with something running smarter software, and with the Mailshield product I'm starting to think I might get to stop wrestling with mail long enough to have a holiday myself!

Previous attempts to firewall using perimeter MXing caused the problem to get worse when our mailqueues were clogging with undeliverable bounce messages. Mailshield pushes unknown user rejections to the edge of your mail network, allowing you to keep the responsibility of bounce processing limited to the sending mail server.

In the short time we have been running Mailshield it has made the difference between a server that is useless, and a server that has room to grow by almost an order of magnitude.

George

Death to spam!

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
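
The pattern described in the message above (the same message rejected from 8 different IP addresses within about 2 seconds, then again 20 minutes later from a new set) can be picked out of rejection logs with a sliding window per message. This is an added example, not part of the original post and not Mailshield's code; the log format, the `key` message fingerprint and the function names are assumptions made for illustration, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque

# Hypothetical log format, constructed for this example (not a real product's output):
#   <epoch-seconds> REJECT ip=<source address> key=<message fingerprint>
LINE_RE = re.compile(r"^(?P<ts>\d+(?:\.\d+)?) REJECT ip=(?P<ip>\S+) key=(?P<key>\S+)$")


def find_bursts(lines, window=2.0, min_ips=8):
    """Return [(key, first_ts, sorted_ips)] for every burst in which one
    message fingerprint is rejected from >= min_ips distinct source IPs
    within `window` seconds. Lines must be in time order."""
    recent = defaultdict(deque)  # key -> (ts, ip) pairs still inside the window
    bursts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a rejection record
        ts, ip, key = float(m["ts"]), m["ip"], m["key"]
        q = recent[key]
        q.append((ts, ip))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        ips = {addr for _, addr in q}
        if len(ips) >= min_ips:
            bursts.append((key, q[0][0], sorted(ips)))
            q.clear()  # one alert per burst; a new burst needs min_ips again
    return bursts


def sample_log():
    """Constructed sample: two waves of 8 IPs, 0.25 s apart, 20 minutes apart,
    plus one unrelated rejection that must not trigger an alert."""
    lines = []
    for wave, base in enumerate((1000.0, 2200.0)):
        for n in range(8):
            ip = f"198.51.100.{wave * 8 + n + 1}"  # documentation address range
            lines.append(f"{base + n * 0.25:.2f} REJECT ip={ip} key=msgA")
    lines.append("1500.00 REJECT ip=203.0.113.5 key=msgB")
    return sorted(lines, key=lambda l: float(l.split()[0]))


if __name__ == "__main__":
    for key, start, ips in find_bursts(sample_log()):
        print(f"burst key={key} start={start} distinct_ips={len(ips)}")
```

The fingerprint would in practice be whatever identifies "the same message" in the rejection log, for example a hash of envelope sender and recipient list.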