In the last couple of weeks my qmail server was under heavy traffic that rendered it mostly inaccessible.
the facts
what happened was that too many smtp sessions were opened, sending too many messages to non-existing accounts. we're talking here about 512 incoming smtp connections, over 6000 mails in the queue and over 256 outgoing smtp connections, and if that is not enough, over 60 concurrent local deliveries.
the analysis
i kept analyzing the situation and the logs of qmail and the pix firewall and i ended up with the following analysis: "i'm under attack" - i'm brilliant huh - this could be a script kiddie, a worm or whatever, but one of the domains i have was targeted by a lot of smtp connections.
anyway, more analysis:
1. the offending hosts were probably on dynamic IPs, because whenever i blocked the ips that were sending too many mails, the attack never stopped and the list just grew bigger
2. the offending hosts were opening many connections, going as far as the DATA part of the smtp protocol with a variable data length and then not sending a QUIT
3. the qmail default smtp timeout is 1200 seconds, which is too long
waiting 20 minutes for a timeout is too long; it leads to the smtp connection limit being filled by offending hosts and legitimate clients being denied
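one way to spot the sessions described in points 2 and 3 from the smtp log, as an added example that is not part of the original post. it assumes qmail-smtpd runs under `tcpserver -v` with `multilog t` logging (TAI64N timestamps); the log lines, addresses and the 300-second threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: tcpserver -v lines with multilog "t" TAI64N labels.
SAMPLE_LOG = """\
@400000004a00000000000000 tcpserver: status: 1/512
@400000004a00000000000000 tcpserver: pid 101 from 198.51.100.7
@400000004a00000000000000 tcpserver: ok 101 mail.example.org:192.0.2.10:25 :198.51.100.7::40001
@400000004a00000500000000 tcpserver: pid 102 from 198.51.100.7
@400000004a00001000000000 tcpserver: pid 103 from 203.0.113.9
@400000004a00002000000000 tcpserver: end 103 status 0
@400000004a00040000000000 tcpserver: status: 3/512
@400000004a00040000000000 tcpserver: pid 104 from 198.51.100.7
"""

# TAI64N label = "@" + 16 hex digits of seconds + 8 hex digits of nanoseconds.
EVENT = re.compile(
    r"^@([0-9a-f]{16})[0-9a-f]{8} tcpserver: "
    r"(?:pid (\d+) from (\S+)|end (\d+) status \d+)"
)

def open_sessions(log_text):
    """Return ({pid: (ip, start_secs)}, last_event_secs) for unclosed sessions."""
    live, now = {}, 0
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue                      # "status:" and "ok" lines are ignored
        now = int(m.group(1), 16) - 2**62  # TAI64 seconds; only differences matter
        if m.group(2):                    # "pid N from IP": session opened
            live[m.group(2)] = (m.group(3), now)
        else:                             # "end N status S": session closed
            live.pop(m.group(4), None)
    return live, now

def stuck_by_ip(log_text, min_age=300):
    """Group sessions open for at least min_age seconds by remote IP."""
    live, now = open_sessions(log_text)
    report = defaultdict(list)
    for ip, start in live.values():
        if now - start >= min_age:
            report[ip].append(now - start)
    return {ip: sorted(ages, reverse=True) for ip, ages in report.items()}

if __name__ == "__main__":
    for ip, ages in stuck_by_ip(SAMPLE_LOG).items():
        print(f"{ip}: {len(ages)} sessions held open, oldest {ages[0]}s")
```

each address that shows up here is holding slots of the tcpserver concurrency limit until the smtp timeout expires.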
the solution
i tried greylisting but that just didn't work well for me, so now i'm left with only one option. since most if not all of the offending emails are being delivered to non-existing users, i need to deny those emails at the smtp level and not wait until the message is received and checked for spam or viruses and a failure notice is then generated.
denying these mails at smtp level will reduce the resources wasted on unwanted mail.
so the only solution is to patch my server to deny mails to non-existing users at smtp level.
in case you didn't know, my server is built following the qmr guide, which uses patches made by john simpson, but the qmr guide uses an old version of john's patches and doesn't include the patch i needed.
so i had to get the new version of the patch set from john, and i patched a clean qmail source and made some changes to my qmail-smtpd run script.
the process was straightforward and john's site had detailed instructions.
i recommend anyone to patch his qmail with that patch right away.
for more info about qmail see this.