LinuxQuestions.org
11-17-2014, 09:30 AM   #1
gaurvrishi
Member
 
Registered: Apr 2012
Posts: 51

Rep: Reputation: Disabled
Ddos attack


Hi,

I am running a mail server in Exim and using the SMTP auth mechanism in that. But I am getting a DDoS attack from different IPs, and from that, mail is being sent. Also, I am using the rate limit option in the Exim configuration. Please suggest how to block the DDoS attack, which is coming from different countries.
 
11-17-2014, 09:53 AM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 18,785

Rep: Reputation: 4159
Quote:
Originally Posted by gaurvrishi
Hi,
I am running a mail server in Exim and using the SMTP auth mechanism in that. But I am getting a DDoS attack from different IPs, and from that, mail is being sent. Also, I am using the rate limit option in the Exim configuration. Please suggest how to block the DDoS attack, which is coming from different countries.
Is this the same EXIM server you asked about before, going back two years now?

http://www.linuxquestions.org/questi...im-4175411389/
http://www.linuxquestions.org/questi...ed-4175412085/
http://www.linuxquestions.org/questi...em-4175455364/
http://www.linuxquestions.org/questi...ue-4175455872/

The one where you were told VERY CLEARLY, that you SHOULD NOT RUN OR USE?? That same server? The one running on the unsupported version of RHEL, using software that RHEL explicitly tells you not to use? If so, that is the number one problem you're having....you asked for advice about exim before, and seem to have totally ignored it. This is the reason that advice was given to you. There are several possible solutions that Google can point you to:
http://forums.cpanel.net/f185/ddos-a...tp-386312.html

...but you don't tell us what version/distro of Linux, what you've done/tried so far, version of exim, etc.
 
11-17-2014, 10:44 AM   #3
gaurvrishi
Member
 
Registered: Apr 2012
Posts: 51

Original Poster
Rep: Reputation: Disabled
Hi,
Please find the details

2014-11-17 22:10:39 1XqPLy-0001bz-O5 <= fo@xyz.com H=(nunecysy) [81.163.48.11] I=[118.67.248.47]:25 P=esmtpa A=login:enquiry@xyz.com S=1354 id=710B5DAFF85C976A101AACB68A0A4A37@nunecysy T="hajon"
2014-11-17 22:10:39 1XqPLy-0001bz-O5 => discarded (system filter)
2014-11-17 22:10:39 1XqPLy-0001bz-O5 Completed


In the log, I am discarding those messages, and the domain name has been replaced. Please suggest.

CentOS release 5.3 (Final)
x86_64
exim-4.69
 
11-17-2014, 11:25 AM   #4
Habitual
LQ Addict
 
Registered: Jan 2011
Posts: 8,238
Blog Entries: 11

Rep: Reputation: 2287
http://www.mailradar.com/openrelay/
 
11-17-2014, 12:24 PM   #5
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 18,785

Rep: Reputation: 4159
Quote:
Originally Posted by gaurvrishi
Hi,
Please find the details

2014-11-17 22:10:39 1XqPLy-0001bz-O5 <= fo@xyz.com H=(nunecysy) [81.163.48.11] I=[118.67.248.47]:25 P=esmtpa A=login:enquiry@xyz.com S=1354 id=710B5DAFF85C976A101AACB68A0A4A37@nunecysy T="hajon"
2014-11-17 22:10:39 1XqPLy-0001bz-O5 => discarded (system filter)
2014-11-17 22:10:39 1XqPLy-0001bz-O5 Completed


In the log, I am discarding those messages, and the domain name has been replaced. Please suggest.

CentOS release 5.3 (Final)
x86_64
exim-4.69
And please see the information you were given BEFORE, and ignored. AGAIN:
  • Exim is NOT AVAILABLE for RHEL/CentOS..you were told this before, and ignored what was said, and loaded it anyway.
  • You are using a VERY old version of Exim...you were advised before to use the latest (4.80 in 2012), and it's now up to 4.84
  • You are using a VERY old version of CentOS..5.3 is end-of-life/unsupported for some time now, and is unpatched and insecure.
Do not be surprised that you're having problems. You ignored the documentation and advice from MANY people, and are using insecure, unpatched, unupdated software. To add to that, it seems like you're also ignoring the (old) Exim documentation, about NOT running an open relay.
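Added example, not part of the original posts: the arrival line quoted in the thread records a message accepted over authenticated SMTP (`P=esmtpa`, `A=login:enquiry@xyz.com`), so this Python sketch groups Exim `<=` lines by authenticated login and counts the distinct source IPs each login was used from. Only the first sample line comes from the thread; the other lines, the function names and the `min_ips` threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# First two lines are quoted from the thread; the rest are constructed for
# illustration (documentation-range IPs, made-up message ids).
SAMPLE_LOG = """\
2014-11-17 22:10:39 1XqPLy-0001bz-O5 <= fo@xyz.com H=(nunecysy) [81.163.48.11] I=[118.67.248.47]:25 P=esmtpa A=login:enquiry@xyz.com S=1354 id=710B5DAFF85C976A101AACB68A0A4A37@nunecysy T="hajon"
2014-11-17 22:10:39 1XqPLy-0001bz-O5 => discarded (system filter)
2014-11-17 22:10:41 1XqPM0-0001c3-Aa <= ab@xyz.com H=(qwerty) [198.51.100.7] I=[118.67.248.47]:25 P=esmtpa A=login:enquiry@xyz.com S=1290 T="x"
2014-11-17 22:10:44 1XqPM3-0001c9-Bb <= cd@xyz.com H=(zxcvb) [203.0.113.90] I=[118.67.248.47]:25 P=esmtpa A=login:enquiry@xyz.com S=1312 T="y"
2014-11-17 22:11:02 1XqPML-0001cF-Cc <= sales@xyz.com H=(desk1) [192.0.2.20] I=[118.67.248.47]:25 P=esmtpa A=login:sales@xyz.com S=2048 T="Quote"
2014-11-17 22:11:30 1XqPMn-0001cK-Dd <= news@example.net H=mx.example.net [192.0.2.99] I=[118.67.248.47]:25 P=esmtp S=900 T="Hi"
"""

# Arrival line: timestamp, message id, "<=", sender, first [ip] (remote host),
# P=<protocol>, and an optional A=<authenticator>:<authenticated id>.
ARRIVAL = re.compile(
    r"^\S+ \S+ \S+ <= \S+ "
    r".*?\[(?P<ip>[0-9a-fA-F.:]+)\]"
    r".*?\bP=(?P<proto>\S+)"
    r"(?:.*?\bA=(?P<auth>[^:\s]+):(?P<user>\S+))?"
)

def parse_arrivals(log_text):
    """Yield (authenticated_login_or_None, source_ip) per '<=' line."""
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if m:
            yield m.group("user"), m.group("ip")

def logins_by_ip_spread(log_text, min_ips=3):
    """Return {login: (message_count, sorted_ips)} for logins used from at
    least min_ips distinct addresses (min_ips is an assumed threshold)."""
    ips, count = defaultdict(set), defaultdict(int)
    for user, ip in parse_arrivals(log_text):
        if user is None:
            continue  # unauthenticated inbound mail, not a login-based relay
        ips[user].add(ip)
        count[user] += 1
    return {u: (count[u], sorted(ips[u])) for u in ips if len(ips[u]) >= min_ips}

if __name__ == "__main__":
    for user, (n, addrs) in logins_by_ip_spread(SAMPLE_LOG).items():
        print(f"{user}: {n} messages from {len(addrs)} IPs: {', '.join(addrs)}")
```

A login listed by this check is being used with valid credentials from many hosts, so resetting that account's password belongs alongside any rate limiting or filtering.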
 
  


Tags
exim4


All times are GMT -5.