being mailbombed..or something

From: JD Bronson (jbronsonsixcompanies.com)
Date: Tue Jan 01 2008 - 16:22:53 CST


I am looking for any advice on how to mitigate an attack.

I appear to be under attack from IPs all over the world attempting
to send email to one of my domains with all invalid usernames:

For example:
            1 Laasixcompanies.com (<>)
            1 Leitnerkkiwhsixcompanies.com (<>)
            1 lemerandsixcompanies.com (<>)
            1 Linassixcompanies.com (<>)
            1 Littleflowersixcompanies.com (<>)
            1 Lounekmmhvpsixcompanies.com (<>)
            1 isabelle.lundquistsixcompanies.com (<>)
            1 merloptlqsixcompanies.com (<>)
            1 Mikhail-Rowensixcompanies.com (<>)
            1 Miu_Connollysixcompanies.com (<>)
            1 Natorywasixcompanies.com (<>)
(tons and tons of these)

..I run 'pf' and configured it to track IPs and connection attempts
and it's working very well (starts to blackhole abusive IPs) but
postfix still can run out of max processes and refuse legit requests.

Other than using pf and the connection controls within postfix, is
there anything else I could/should be doing or just ride this out?

It has been all day so far...

-JD
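
An added example, not part of the original post: a Python tally of rejected unknown-recipient attempts per client IP, with null-sender (`from=<>`) attempts counted separately. It assumes Postfix's usual smtpd reject log line with the "User unknown" wording; the sample log lines, function names and the threshold of 3 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix smtpd log format (documentation IPs and domains).
SAMPLE_LOG = """\
Jan  1 16:01:02 mx postfix/smtpd[4101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <nouser1@example.com>: Recipient address rejected: User unknown in local recipient table; from=<> to=<nouser1@example.com> proto=ESMTP helo=<h1>
Jan  1 16:01:03 mx postfix/smtpd[4101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <nouser2@example.com>: Recipient address rejected: User unknown in local recipient table; from=<> to=<nouser2@example.com> proto=ESMTP helo=<h1>
Jan  1 16:01:04 mx postfix/smtpd[4101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <nouser3@example.com>: Recipient address rejected: User unknown in local recipient table; from=<> to=<nouser3@example.com> proto=ESMTP helo=<h1>
Jan  1 16:01:07 mx postfix/smtpd[4102]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.23]: 550 5.1.1 <jon.smith@example.com>: Recipient address rejected: User unknown in local recipient table; from=<alice@example.org> to=<jon.smith@example.com> proto=ESMTP helo=<mail.example.org>
Jan  1 16:01:09 mx postfix/smtpd[4104]: connect from mail.example.net[192.0.2.10]
Jan  1 16:01:11 mx postfix/smtpd[4105]: NOQUEUE: reject: RCPT from unknown[2001:db8::5]: 550 5.1.1 <nouser4@example.com>: Recipient address rejected: User unknown in local recipient table; from=<> to=<nouser4@example.com> proto=ESMTP helo=<h2>
Jan  1 16:01:12 mx postfix/smtpd[4105]: NOQUEUE: reject: RCPT from unknown[2001:db8::5]: 550 5.1.1 <nouser4@example.com>: Recipient address rejected: User unknown in local recipient table; from=<> to=<nouser4@example.com> proto=ESMTP helo=<h2>
"""

# One rejected RCPT for a nonexistent mailbox: client IP, envelope sender, recipient.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S*?\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"(?P<code>[45]\d\d) .*?User unknown.*?from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)


def tally_unknown_rcpt(log_text):
    """Per client IP: rejects, how many used the null sender, distinct recipients."""
    stats = defaultdict(lambda: {"rejects": 0, "null_sender": 0, "rcpts": set()})
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue  # connects, accepted mail and other rejects are ignored
        entry = stats[m["ip"]]
        entry["rejects"] += 1
        entry["null_sender"] += int(m["sender"] == "")  # from=<> is the null envelope sender
        entry["rcpts"].add(m["rcpt"].lower())
    return dict(stats)


def offenders(stats, min_distinct=3):
    """IPs that tried at least min_distinct different nonexistent recipients."""
    return sorted(ip for ip, s in stats.items() if len(s["rcpts"]) >= min_distinct)


if __name__ == "__main__":
    result = tally_unknown_rcpt(SAMPLE_LOG)
    for ip, s in sorted(result.items()):
        print(ip, s["rejects"], s["null_sender"], len(s["rcpts"]))
    print("over threshold:", offenders(result))
```

Counting distinct recipients rather than raw rejects keeps a single mistyped address that is retried from a legitimate host below the threshold.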