LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 09-18-2003, 08:48 AM   #1
Nicke
LQ Newbie
 
Registered: Sep 2003
Location: Stockholm, Sweden
Posts: 3

Rep: Reputation: 0
Prevent mailbombing in Postfix


Hi,

Is there any way you can prevent a sending mailserver from sending more than X messages in Y time ?? We have a problem with one open relay sending us 570 000 mail in one night...

/Niklas
 
Old 09-18-2003, 11:22 AM   #2
cnjohnson
Member
 
Registered: Nov 2002
Location: Nashville
Distribution: FreeBSD, Linux, OS-X
Posts: 544

Rep: Reputation: 30
Since you have no control over the box sending mail to you, it cannot be done. You have to filter the mail instead. I would guess you could have your router drop all packets that come from the IP address of the offending box.

Send e-mail to the owner of the box, too. Encourage them to change their ways.

Cheers--
Charles
 
Old 09-18-2003, 11:43 AM   #3
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
this link MIGHT help:

http://www.postfix.org/rate.html
 
Old 09-18-2003, 02:09 PM   #4
cnjohnson
Member
 
Registered: Nov 2002
Location: Nashville
Distribution: FreeBSD, Linux, OS-X
Posts: 544

Rep: Reputation: 30
Quote:
Originally posted by win32sux
this link MIGHT help:

http://www.postfix.org/rate.html
Unfortunately, by the time the 570,000 have arrived it is too late to do anything about them, except have the MTA drop them silently.

However, the link you gave is important for showing how an e-mail admin can play nicely.

Cheers--
Charles
 
Old 09-18-2003, 03:36 PM   #5
Nicke
LQ Newbie
 
Registered: Sep 2003
Location: Stockholm, Sweden
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks..

Thanks for the help, however, I checked out that page before posting.

Shouldn't there be any way to check who the sending host is and count the number of mail received from the same host in Y amount of time ??

The FW idea is good.. I will investigate further if there is a function where you can check the connection rate in order to drop to heavy traffic from the same IP.

/Niklas
 
Old 09-18-2003, 04:12 PM   #6
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
i don't know how to do it right now, but i am 100% sure iptables can do the connection limiting thing... perhaps someone will post a link or something...

but this does sound like something an anti-denial of service for mail server tools would do... i mean there has to be someone out there that made a script or something to keep one's mail server form getting bombed.

anybody?
 
Old 09-18-2003, 04:20 PM   #7
Nicke
LQ Newbie
 
Registered: Sep 2003
Location: Stockholm, Sweden
Posts: 3

Original Poster
Rep: Reputation: 0
Found one..

Just found an interesting article..
Hope we can port it to Debian...

http://deny-spammers.sourceforge.net...tml/index.html
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix send mail problem(In RH9, kernal 2.4.20, postfix 2.1.5) minor Linux - General 4 07-11-2005 09:12 PM
Adding a delay to Sendmail due to mailbombing LeffeH Linux - Software 1 04-28-2004 11:33 AM
how to prevent Bogons ? basbosco Linux - Security 5 03-01-2004 10:35 PM
can't start postfix ./postfix status error jules_fraser Linux - Software 3 12-06-2003 06:33 PM
prevent an IP to get out? jimval7 Linux - Security 16 05-09-2003 09:58 AM


All times are GMT -5. The time now is 01:11 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration