Date: Thu, 23 Apr 1998 18:14:58 +0100 From: Karl Pielorz <kpielorz@tdx.co.uk> To: Blaine Minazzi <bminazzi@w3page.com> Cc: ISP@FreeBSD.ORG Subject: Re: Whats this?? Message-ID: <353F7712.67E301EE@tdx.co.uk> References: <353F6DE5.30C680DC@w3page.com> <353F713A.3600E6DE@tdx.co.uk> <353F747F.421098FA@w3page.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Blaine Minazzi wrote: > Thanks... I currently have 8.8.8, with the anti relaying patches also > the RBL stuff, with POP Before Sendmail so my customers can relay, but > no one else... I also maintain a list of annoying IP addresses that I > deny mail access to. > > But, last night I have recieved over 700 of these connections, and was > concerned that there might be some form of attack going on, Since I > found the system loaded down with sendmail processes, with lots of open > connections. You should be able to control this with your sendmail.cf - theres settings so you can set a load average to only queue above, and another to deny connections all together - as well as others for the max. number of children allowed at any one time etc. - What are these set to at the moment? - They might need decreasing... > I thought perhaps there might be some new hole that someone is using to > do a D.O.S. attack, or, a new way to get around my anti-spam, anti-relay > patches. There still could be... If it gets bad - and your machine has bpf (packet filter compiled into the kernel) try grabbing some of the data to disk (tcpdump -w etc. - see the man pages) - you can then look through them (be careful not to run out of disk space though! <G>) Regards, Karl To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?353F7712.67E301EE>