Randy Adamczyk spake thusly on Wed, Nov 29, 2006 at 04:29:22PM +0100:
> On Nov 29, 2006, at 2:49 PM, Matt wrote:
>
> >For the past week one of my virtual
> >domains has been slammed by what appears to be a distributed spam
> >attack. I have the validrcptto patch
> >(http://qmail.jms1.net/patches/combined-6c5.shtml)
> >installed - so at least I don't have 80,000 messages trying to bounce.
> >At first it was a big deal because it assisted in maxing out my remote
> >concurrency, but that has subsided quite a bit now - so now it's just
> >annoying me. Are there any real solutions to deal with this? I could
> >add the ip addresses to my iptables . . . but boy would that be a
> >lot of ip's.
>
> i had the exact same problem over the weekend. firewalling the ip
> addresses wouldn't have worked, there were simply way too many. so
> what i did was change the mx record of that particular domain so it
> pointed to a new server. yesterday things finally went back to normal
> so i was able to change the mx back to the original server.
>
--- end quoted text ---
Are you using any antispam techniques? RBLs, greylisting, etc?
I decided to implement the firewall changes listed at http://okean.com in order
to block spam coming from Korea and China. I did see a reduction, but not a
ton since I don't really get hammered anyway. For you it could be more
significant if the bulk of spam hitting your system(s) is from these regions.
You might want to look at tcpblocker (http://inter7.com/?page=tcpblocker) from
inter7. I don't use it personally, but it seems useful. There are other
solutions that were suggested within the past several weeks or so, and I think
there was a script that someone posted that would dynamically apply rules to
iptables.
--
Regards,
Richard
Did this email or post help you? If so, please rate
me at affero: http://rate.affero.net/RhunDraco