LinuxQuestions.org


gaurvrishi 11-17-2014 09:30 AM

Ddos attack
 
Hi,

I am running a mail server with Exim and using the SMTP auth mechanism on it. But I am getting a DDoS attack from different IPs, and mail is being sent from them. Also, I am using the rate limit option in the Exim configuration. Please suggest how to block the DDoS attack, which is coming from different countries.

TB0ne 11-17-2014 09:53 AM

Quote:

Originally Posted by gaurvrishi (Post 5270898)
Hi,
I am running a mail server with Exim and using the SMTP auth mechanism on it. But I am getting a DDoS attack from different IPs, and mail is being sent from them. Also, I am using the rate limit option in the Exim configuration. Please suggest how to block the DDoS attack, which is coming from different countries.

Is this the same EXIM server you asked about before, going back two years now?

http://www.linuxquestions.org/questi...im-4175411389/
http://www.linuxquestions.org/questi...ed-4175412085/
http://www.linuxquestions.org/questi...em-4175455364/
http://www.linuxquestions.org/questi...ue-4175455872/

The one where you were told VERY CLEARLY, that you SHOULD NOT RUN OR USE?? That same server? The one running on the unsupported version of RHEL, using software that RHEL explicitly tells you not to use? If so, that is the number one problem you're having....you asked for advice about exim before, and seem to have totally ignored it. This is the reason that advice was given to you. There are several possible solutions that Google can point you to:
http://forums.cpanel.net/f185/ddos-a...tp-386312.html

...but you don't tell us what version/distro of Linux, what you've done/tried so far, version of exim, etc.

gaurvrishi 11-17-2014 10:44 AM

Hi,
Please find the details

2014-11-17 22:10:39 1XqPLy-0001bz-O5 <= fo@xyz.com H=(nunecysy) [81.163.48.11] I=[118.67.248.47]:25 P=esmtpa A=login:enquiry@xyz.com S=1354 id=710B5DAFF85C976A101AACB68A0A4A37@nunecysy T="hajon"
2014-11-17 22:10:39 1XqPLy-0001bz-O5 => discarded (system filter)
2014-11-17 22:10:39 1XqPLy-0001bz-O5 Completed


In the log, I am discarding those messages, and the domain name has been replaced. Please suggest.

CentOS release 5.3 (Final)
x86_64
exim-4.69
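
The arrival line in the post above carries P=esmtpa and A=login:enquiry@xyz.com, which means the message was accepted over an authenticated SMTP session for that account. As an added example (not written by any poster in this thread), this Python groups authenticated arrivals in an Exim main log by account and reports accounts used from many distinct client addresses; the sample log, the `max_ips` threshold and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Exim mainlog layout (documentation-range IPs, made-up
# message ids and accounts); only the field order follows the log in the post.
SAMPLE_LOG = """\
2014-11-17 22:10:39 1XqPLy-0001bz-O5 <= a@example.com H=(nunecysy) [192.0.2.11] I=[198.51.100.47]:25 P=esmtpa A=login:enquiry@example.com S=1354 T="hajon"
2014-11-17 22:10:39 1XqPLy-0001bz-O5 => discarded (system filter)
2014-11-17 22:10:41 1XqPM0-0001c3-Aa <= b@example.com H=(qwerty) [203.0.113.5] I=[198.51.100.47]:25 P=esmtpa A=login:enquiry@example.com S=1360 T="x"
2014-11-17 22:10:44 1XqPM3-0001c9-Bb <= c@example.com H=(zxcv) [203.0.113.77] I=[198.51.100.47]:25 P=esmtpa A=login:enquiry@example.com S=1349 T="y"
2014-11-17 22:11:02 1XqPMl-0001cF-Cc <= bob@example.com H=(desk) [192.0.2.200] I=[198.51.100.47]:25 P=esmtpa A=plain:bob@example.com S=2210 T="report"
2014-11-17 22:12:10 1XqPNr-0001cL-Dd <= ext@example.net H=mx.example.net [192.0.2.9] I=[198.51.100.47]:25 P=esmtp S=900 T="hello"
"""

# Arrival lines ("<=") that carry an A=<authenticator>:<id> field. The first
# bracketed address after H= is the connecting client; I=[...] is the local
# interface and comes later in the line.
ARRIVAL = re.compile(
    r"^\S+ \S+ \S+ <= \S+ .*?H=.*?\[(?P<ip>[^\]]+)\]"
    r".*? A=(?P<mech>[^:\s]+):(?P<account>\S+)"
)

def accounts_by_source(log_text):
    """Map each authenticated account to the set of client IPs that used it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if m:  # unauthenticated arrivals and delivery lines do not match
            seen[m.group("account")].add(m.group("ip"))
    return dict(seen)

def suspicious_accounts(log_text, max_ips=2):
    """Accounts that authenticated from more than max_ips distinct addresses.

    max_ips is an assumed threshold; tune it to how your users really connect.
    """
    return {
        acct: sorted(ips)
        for acct, ips in accounts_by_source(log_text).items()
        if len(ips) > max_ips
    }

if __name__ == "__main__":
    for acct, ips in suspicious_accounts(SAMPLE_LOG).items():
        print(f"{acct}: {len(ips)} source addresses: {', '.join(ips)}")
```

An account that shows up here is a candidate for a password reset and a review of its recent logins, since rate limits per source address do not help when each message arrives from a different address with valid credentials.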

Habitual 11-17-2014 11:25 AM

http://www.mailradar.com/openrelay/

TB0ne 11-17-2014 12:24 PM

Quote:

Originally Posted by gaurvrishi (Post 5270933)
Hi,
Please find the details

2014-11-17 22:10:39 1XqPLy-0001bz-O5 <= fo@xyz.com H=(nunecysy) [81.163.48.11] I=[118.67.248.47]:25 P=esmtpa A=login:enquiry@xyz.com S=1354 id=710B5DAFF85C976A101AACB68A0A4A37@nunecysy T="hajon"
2014-11-17 22:10:39 1XqPLy-0001bz-O5 => discarded (system filter)
2014-11-17 22:10:39 1XqPLy-0001bz-O5 Completed


In the log, I am discarding those messages, and the domain name has been replaced. Please suggest.

CentOS release 5.3 (Final)
x86_64
exim-4.69

And please see the information you were given BEFORE, and ignored. AGAIN:
  • Exim is NOT AVAILABLE for RHEL/CentOS..you were told this before, and ignored what was said, and loaded it anyway.
  • You are using a VERY old version of Exim...you were advised before to use the latest (4.80 in 2012), and it's now up to 4.84
  • You are using a VERY old version of CentOS..5.3 is end-of-life/unsupported for some time now, and is unpatched and insecure.
Do not be surprised that you're having problems. You ignored the documentation and advice from MANY people, and are using insecure, unpatched, unupdated software. To add to that, it seems like you're also ignoring the (old) Exim documentation, about NOT running an open relay.


All times are GMT -5.