From owner-freebsd-isp Thu Apr 23 10:15:09 1998
Message-ID: <353F7712.67E301EE@tdx.co.uk>
Date: Thu, 23 Apr 1998 18:14:58 +0100
From: Karl Pielorz
Organization: TDX
To: Blaine Minazzi
CC: ISP@FreeBSD.ORG
Subject: Re: Whats this??
References: <353F6DE5.30C680DC@w3page.com> <353F713A.3600E6DE@tdx.co.uk> <353F747F.421098FA@w3page.com>

Blaine Minazzi wrote:

> Thanks... I currently have 8.8.8, with the anti relaying patches also
> the RBL stuff, with POP Before Sendmail so my customers can relay, but
> no one else... I also maintain a list of annoying IP addresses that I
> deny mail access to.
>
> But, last night I have received over 700 of these connections, and was
> concerned that there might be some form of attack going on, since I
> found the system loaded down with sendmail processes, with lots of open
> connections.

You should be able to control this with your sendmail.cf - there's settings so you can set a load average to only queue above, and another to deny connections altogether - as well as others for the max. number of children allowed at any one time etc. - What are these set to at the moment? - They might need decreasing...

> I thought perhaps there might be some new hole that someone is using to
> do a D.O.S. attack, or, a new way to get around my anti-spam, anti-relay
> patches.

There still could be... If it gets bad - and your machine has bpf (packet filter compiled into the kernel) try grabbing some of the data to disk (tcpdump -w etc. - see the man pages) - you can then look through them (be careful not to run out of disk space though!)

Regards,

Karl
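
The capture-and-review step suggested in the reply, as an added example that is not part of the original message: a packet-count cap keeps the capture from filling the disk, and a small filter counts new SMTP connections per source address. The interface name, file path, limits and the sample lines are assumptions or constructed, and the parser expects the text format printed by current tcpdump releases.

```shell
#!/bin/sh
# Added example, not from the original thread.

# Capture at most $3 packets of SMTP traffic on interface $1 into file $2.
# -c bounds the capture and -s 128 keeps only headers, so the file stays small.
# Needs root and bpf in the kernel. Not run automatically here.
capture_smtp() {
    tcpdump -n -i "$1" -s 128 -c "$3" -w "$2" 'tcp port 25'
}

# Read `tcpdump -n` text on stdin and print "count source-ip", busiest first,
# counting only connection attempts (SYN without ACK) sent to port 25.
count_smtp_syns() {
    awk '
        /Flags \[S\],/ {
            for (i = 2; i < NF; i++) {
                if ($i != ">") continue
                src = $(i - 1); dst = $(i + 1)
                if (dst ~ /\.25:$/) {
                    sub(/\.[0-9]+$/, "", src)   # drop the source port
                    n[src]++
                }
            }
        }
        END { for (h in n) print n[h], h }
    ' | sort -rn
}

# Constructed sample in the shape of `tcpdump -n -r file` output
# (documentation addresses; 203.0.113.25 stands in for the mail server).
sample_lines() {
cat <<'EOF'
18:14:58.000001 IP 192.0.2.10.40001 > 203.0.113.25.25: Flags [S], seq 1, win 65535, length 0
18:14:58.000090 IP 203.0.113.25.25 > 192.0.2.10.40001: Flags [S.], seq 9, ack 2, win 65535, length 0
18:14:58.000300 IP 192.0.2.10.40002 > 203.0.113.25.25: Flags [S], seq 5, win 65535, length 0
18:14:58.000700 IP 198.51.100.7.51000 > 203.0.113.25.25: Flags [S], seq 7, win 65535, length 0
18:14:58.000900 IP 192.0.2.10.40001 > 203.0.113.25.25: Flags [P.], seq 2:30, ack 10, win 65535, length 28
18:14:59.000100 IP 192.0.2.10.40003 > 203.0.113.25.25: Flags [S], seq 3, win 65535, length 0
18:14:59.000400 IP 198.51.100.7.51001 > 203.0.113.25.80: Flags [S], seq 4, win 65535, length 0
EOF
}

# Real use (assumed names): capture_smtp em0 /var/tmp/smtp.pcap 20000
#                           tcpdump -n -r /var/tmp/smtp.pcap | count_smtp_syns
sample_lines | count_smtp_syns
```

A few sources accounting for most of the attempts points at specific hosts to block or rate-limit, while a flat spread across many addresses looks more like distributed load.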