Re: Strange program

From: Aaron Wolfe (aawolfegmail.com)
Date: Fri Sep 07 2007 - 02:23:36 CDT


I've seen this for a couple weeks and it has been discussed today on the
spamassassin user list. It seems to be a new poorly written bot that
doesn't go away after getting a 5xx. Many of us then are seeing a large
increase in concurrent SMTP sessions that don't do anything.

You can make things better by reducing the smtpd timeout value to a lower
setting than the default 300 seconds, i.e.

smtpd_timeout = 45s

in main.cf

This does violate the RFC recommendation of 300 seconds, it might cause trouble
if you have very slow valid connections, and it isn't really a "fix" but it
helps a lot.
-Aaron

On 9/7/07, Payne <paynemagidesign.com> wrote:
>
> Guys,
>
> Last couple of days, my server appears to be under attack by a bot network,
> what is strange is I am not seeing any data being sent but I am seeing a
> ton of connections. It gets so bad that I have to restart postfix to
> drop those connections.
>
> I have looked into my logs and I am seeing a ton of lost connections. Is
> there anything I can do to stop this?
>
> I am currently setting up a tcpdump to see anything else. Is there a
> time out, or connection control limit I can set to help fight this?
>
> Payne
>
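
To see which clients are holding the idle sessions discussed in this thread, the following added example (not part of either message) tallies, per client address, smtpd sessions that ended in a timeout or lost connection and sessions still open at the end of the log. The log lines and addresses are constructed samples in Postfix smtpd syslog format, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix smtpd syslog format (not taken from the thread).
SAMPLE_LOG = """\
Sep  7 02:10:01 mx postfix/smtpd[4101]: connect from unknown[192.0.2.10]
Sep  7 02:10:01 mx postfix/smtpd[4102]: connect from unknown[192.0.2.10]
Sep  7 02:10:02 mx postfix/smtpd[4103]: connect from mail.example.org[198.51.100.7]
Sep  7 02:10:03 mx postfix/smtpd[4103]: 3F2A1C0042: client=mail.example.org[198.51.100.7]
Sep  7 02:10:04 mx postfix/smtpd[4103]: disconnect from mail.example.org[198.51.100.7]
Sep  7 02:10:46 mx postfix/smtpd[4101]: timeout after RCPT from unknown[192.0.2.10]
Sep  7 02:10:46 mx postfix/smtpd[4101]: disconnect from unknown[192.0.2.10]
Sep  7 02:10:47 mx postfix/smtpd[4102]: lost connection after CONNECT from unknown[192.0.2.10]
Sep  7 02:10:47 mx postfix/smtpd[4102]: disconnect from unknown[192.0.2.10]
Sep  7 02:11:00 mx postfix/smtpd[4104]: connect from unknown[203.0.113.5]
"""

# One smtpd process (pid) serves one connection at a time, so the pid keys a session.
EVENT = re.compile(r"postfix/smtpd\[(\d+)\]: (connect|disconnect) from \S*\[([^\]]+)\]")
STALL = re.compile(r"postfix/smtpd\[\d+\]: (?:timeout|lost connection) after \S+ from \S*\[([^\]]+)\]")

def summarize(log_text):
    """Return (stalled, still_open): per-client Counters of aborted and unfinished sessions."""
    open_by_pid = {}
    stalled = Counter()
    for line in log_text.splitlines():
        m = STALL.search(line)
        if m:                      # session ended by timeout or dropped connection, at any stage
            stalled[m.group(1)] += 1
            continue
        m = EVENT.search(line)
        if not m:
            continue
        pid, kind, ip = m.groups()
        if kind == "connect":
            open_by_pid[pid] = ip
        else:
            open_by_pid.pop(pid, None)
    return stalled, Counter(open_by_pid.values())

def suspects(log_text, threshold=2):
    """Clients whose stalled plus still-open sessions reach the threshold."""
    stalled, still_open = summarize(log_text)
    total = stalled + still_open
    return sorted(ip for ip, n in total.items() if n >= threshold)

if __name__ == "__main__":
    print(suspects(SAMPLE_LOG))
```

Run it over the mail log before and after lowering `smtpd_timeout` to compare how many sessions remain open per client.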