Hi,

Having a problem with high incoming traffic and have checked that this drops dramatically when postfix is stopped. Hence I ran tcpdump and found that a couple of customers who connect via BT Openworld but use our server to relay their emails (using saslauthd) appear to be generating a lot of packets.

I ran "tcpdump dst port 25" and a typical response was:

IP host111.111.111.111.in.addr.btopenworld.com.34188 > mail.ourserver.net.smtp: P 158426:159828(1402) ack 1 win 65246

IP not shown to protect the guilty!

These are just streaming through as fast as I can see them! I assume that the whole lot errored on the first packet but that the data is still just being transmitted.

Anyone have any ideas as to what I can do to get this load down again before my bandwidth charges go through the roof?

Carl.

If I were you, I'd start seeing what the mail contains. Not the best thing to do of course, but if you can see that it's not legit mail, then you've got the option of restricting their access through saslauthd.

see
man 5 postconf

or
always_bcc

(always_bcc, could be switched on temporarily, to see what's going on)

Ronald.