[Greylist-users] Stopping "machine gunners" - not really a greylist issue

Matt Prigge mprigge at pobox.com
Thu Mar 2 11:15:49 PST 2006


>
> What I am looking / hoping for is just a way to throttle connections by IP
> so the next time I get flooded from a single IP (either legit or SPAM) I
> can
> get sendmail just to ignore them until some time has passed.
>

It depends what platform you're on, but you may be able to make use of your
kernel's IP filtering capability to accomplish this. The system overhead
should be significantly less than using any database-driven method, but will
obviously require more memory in kernel space to keep track of what hosts
have recently tried connecting. Whether that makes a difference to you will
largely depend upon how busy your server is.

An example (using SSH in this case, but the same could be applied to SMTP)
of doing this using IPTables on Linux can be found here:

http://www.debian-administration.org/articles/187

Keep in mind that using this type of approach will usually result in a
permenant failure on the sending server since your server will appear to be
unavailable while the rate limiting is triggered. The thresholds that you
use should be set to match illegitimate traffic only. This approach probably
wouldnt work well for limiting legitimate (but misconfigured) hosts for this
reason, but it may help with the illegitimate stuff.

HTH - Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.puremagic.com/pipermail/greylist-users/attachments/20060302/6ffca81a/attachment.htm 


More information about the Greylist-users mailing list