postfix-users

Re: A different kind of attack/probe, how can postfix defend against it?

Subject: Re: A different kind of attack/probe, how can postfix defend against it?
From: John Beaver <junk AT leaveittobeaver DOT net>
To: postfix-users AT postfix DOT org
Date: Thu, 09 Aug 2007 12:19:23 -0500

Justin Piszcz wrote:
Recently, I saw this in my logs:

With iptables I guess I could specify something to block port 25 if it gets hit too many times from _ANY_ IP but that would block legitimate mail; however, it seems as if it is the only or best option?

Aug 9 12:47:19 l2 postfix/smtpd[12676]: connect from mx181.populationarea.com[69.31.50.181]
Aug 9 12:47:24 l2 postfix/smtpd[12676]: disconnect from mx181.populationarea.com[69.31.50.181]
Aug 9 12:47:26 l2 postfix/smtpd[12676]: connect from mx190.webcastersradio.com[69.31.50.190]

You could try using the anvil feature, if you're not already.

From a firewall perspective, I use pf, which has a max connection feature to block dynamically. Not sure if iptables has the same functionality.

John Beaver
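
Added example (not part of the original message or of Postfix): a Python sketch that counts smtpd connects per /24 in a mail log, so that connections spread over several addresses in one network, as in the quoted excerpt, show up as a single entry. The sample log, the thresholds and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample in the format of the log excerpt quoted above
# (hostnames and addresses are made up, taken from documentation ranges).
SAMPLE_LOG = """\
Aug  9 12:47:19 l2 postfix/smtpd[12676]: connect from mx1.example.com[192.0.2.181]
Aug  9 12:47:24 l2 postfix/smtpd[12676]: disconnect from mx1.example.com[192.0.2.181]
Aug  9 12:47:26 l2 postfix/smtpd[12676]: connect from mx2.example.com[192.0.2.190]
Aug  9 12:47:31 l2 postfix/smtpd[12676]: connect from mx3.example.com[192.0.2.17]
Aug  9 12:48:02 l2 postfix/smtpd[12680]: connect from mail.example.org[198.51.100.7]
Aug  9 12:48:40 l2 postfix/smtpd[12676]: connect from mx1.example.com[192.0.2.181]
"""

# Matches only smtpd "connect from host[ipv4]" lines; disconnects are skipped.
CONNECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: connect from \S+\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connects_by_network(log_text, prefix_len=24):
    """Return {network: {"connects": n, "sources": set_of_ips}}."""
    stats = defaultdict(lambda: {"connects": 0, "sources": set()})
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if not m:
            continue
        ip = m.group(1)
        try:
            net = str(ip_network(f"{ip}/{prefix_len}", strict=False))
        except ValueError:  # e.g. an octet above 255 in a damaged line
            continue
        stats[net]["connects"] += 1
        stats[net]["sources"].add(ip)
    return dict(stats)

def noisy_networks(log_text, min_connects=3, min_sources=2, prefix_len=24):
    """Networks whose connects come from several distinct addresses."""
    return sorted(
        net for net, s in connects_by_network(log_text, prefix_len).items()
        if s["connects"] >= min_connects and len(s["sources"]) >= min_sources)

if __name__ == "__main__":
    for net in noisy_networks(SAMPLE_LOG):
        print(net)
```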
