[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: hammered with Relaying denied- anyone else?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: hammered with Relaying denied- anyone else?
- From: Paul Pruett <ppruett_(_at_)_webengr_(_dot_)_com>
- Date: Thu, 14 Aug 2003 00:51:46 +0000 (GMT)
- Organization: Cocoa Village Publishing - www.cocoavillage.us
after putting a whole bunch of blocked ip addresses
resorting to *.*.0.0/16 and *.0.0.0/8 to get ahead of the
incoming smtp relay requests it started slowing down
and by 9:40 EST abated,
even on the mail servers that I didn't firewall...
I guess someone just wanted to pound on the machines,
and after about 5 hours moved on to somewhere else....
so much fun :(
When I remove the blocks, then we will see...
for the next time...
Is there a clever way to work with the new pf features
to have an openbsd box have sendmail activity create a table that pf can
use for blocks... like if sendmail rejects it or procmail or
whatever... like in this case repeated abusive attempts
to use SMTP AUTH. would have been nice to have
firewall pick up the IP address list --- not thinking to
straight, I need a sugar/caffeine break ;)
just glad the mail is flowing again.
On Thu, 14 Aug 2003, ppruett wrote:
> the mail servers pointed to by MX records that I manage are
> being hammered with attempts to Relay it appears... so much soo
> its serious....
> Even the openbsd 3.3 with spamd and pf setup to use spews...
> started being trouble this afternoon about 4 est...
> I added whole blocks even using aggregate /16 then /8
> to block ip addresses and it helps a little and
> pflog0 is busy!