postfix getting DOSed from rejected mail from other server

From: Alan (alanufies.org)
Date: Wed Apr 28 2004 - 12:53:10 CDT


Howdy folks...

Last night I had a user note that my system was quite slow, and after a
bit of investigation I found that the 2+ load was caused by postfix. A
user had a procmail rule to forward all mail to him to his home domain,
hosted on a random hosting company's server (ez123host or something like
that). Anyway, they were having some sort of problems with their
system which went from 'temporary local problems' to straight out
rejecting legitimate mail with 550. Anyway, my postfix was cheerfully
trying to send mail to them at the rate of two a second or so, continuously.
Just wondering what I can do to throttle this if it happens again.

The logs show the original 'temporary' problems:
Apr 27 03:01:25 master postfix/smtp[7551]: 889C9B015E: \
   to=<userdomain.net>, relay=domain.net[207.142.xxx.xxx],
   delay=96058, status=deferred (host domain.net[207.142.xxx.xxx] \
   said: 451 Temporary local problem - please try later (in reply to \
   RCPT TO command))

Then the problems that caused the 2/second semi-DOS of my system:

Apr 27 16:54:26 master postfix/smtp[7723]: 889C9B015E: \
   to=<userdomain.net>, relay=domain.net[207.142.xxx.xxx], \
   delay=146039, status=bounced (host domain.net[207.142.xxx.xxx] \
   said: 550-Verification failed for <otheruserufies.org> \
   550-unrouteable mail domain "ufies.org" 550 Sender verify failed \
   (in reply to RCPT TO command))

Looking at this via telnet I can see this:

rootmaster:/home/alan# nc domain.net 25
220-vn1007.hostingdomain.com ESMTP Exim 4.24 #1 Wed, 28 Apr 2004 13:12:53 -0400
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
helo ufies.org
250 vn1007.hostingdomain.com Hello ufies.org [65.110.xx.xxx]
mail from: <alanufies.org>
250 OK
rcpt to: <userdomain.net>
550-Verification failed for <alanufies.org>
550-unrouteable mail domain "ufies.org"
550 Sender verify failed

In the logs above domain.net is the hosted domain, ufies.org is my
domain (which is doing the mail forwarding) and hostingdomain.com is the,
well, web hosting domain :)

Thanks for any advice.

Alan

--
Alan <alanufies.org> - http://arcterex.net
--------------------------------------------------------------------
"There are only 3 real sports: bull-fighting, car racing and mountain
climbing. All the others are mere games." -- Hemingway
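
One way to spot this pattern in the mail log, as an added example that is not part of the original post: the script below parses postfix/smtp delivery records in the format quoted above and reports any minute in which a single relay produced a burst of deferred or bounced deliveries. It assumes one record per line (as syslog writes them, not wrapped as in the post); the hostnames, addresses and the 30-per-minute threshold are constructed for illustration.

```python
import re
from collections import Counter

# Matches Postfix smtp delivery records in the format quoted in the post.
DELIVERY = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtp\[\d+\]: "
    r"(?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, relay=(?P<relay>[^\[,\s]+)"
    r".*?status=(?P<status>\w+)(?:.*?said: (?P<code>\d{3}))?"
)

def parse(lines):
    """Yield one dict per delivery record; unrelated lines are skipped."""
    for line in lines:
        m = DELIVERY.match(line)
        if m:
            yield m.groupdict()

def failure_storms(lines, per_minute=30):
    """Return {(relay, 'Mon DD HH:MM'): count} for minutes in which one relay
    accounted for at least `per_minute` deferred or bounced deliveries."""
    buckets = Counter()
    for rec in parse(lines):
        if rec["status"] in ("deferred", "bounced"):
            buckets[(rec["relay"], rec["ts"][:-3])] += 1  # drop the seconds
    return {k: n for k, n in buckets.items() if n >= per_minute}

def sample_log():
    """Constructed input: one early 451 deferral, then 550 bounces at two per
    second for one minute, plus a normal delivery to another host."""
    tmpl = ("Apr 27 {t} master postfix/smtp[7723]: {q}: to=<user@domain.example>, "
            "relay=domain.example[192.0.2.10], delay=1, status={s} "
            "(host domain.example[192.0.2.10] said: {r} (in reply to RCPT TO command))")
    log = [tmpl.format(t="03:01:25", q="889C9B015E", s="deferred",
                       r="451 Temporary local problem - please try later")]
    for i in range(120):
        log.append(tmpl.format(t="16:54:%02d" % (i // 2), q="%010X" % i,
                               s="bounced", r="550 Sender verify failed"))
    log.append("Apr 27 16:54:30 master postfix/smtp[7800]: 0000000ABC: "
               "to=<a@other.example>, relay=mx.other.example[192.0.2.20], "
               "delay=1, status=sent (250 OK)")
    return log

if __name__ == "__main__":
    for (relay, minute), n in sorted(failure_storms(sample_log()).items()):
        print(f"{minute} {relay}: {n} failed deliveries in one minute")
```

Run against a real log by passing an open file object to failure_storms() in place of sample_log().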