littlemonkey
Mar 10 2008, 08:01 AM
So our server has been under a DDoS email bomb for the past 5 days, tens of thousands of IPs.
Banning all these IPs with iptables helps temporarily but eventually iptables runs out of memory at about 53000.
Do the firewalls that The Planet provide have the ability to block this kind of attack?
XGhozt
Mar 17 2008, 02:06 AM
Can't you just delete the email account and make a new one? What exactly are they doing?
markcausa
Mar 17 2008, 10:14 AM
I would also review how your server(s) handle the incoming emails. Are you running an effective means of rejecting the emails like rDNS?
littlemonkey
Mar 19 2008, 02:50 PM
They are sent to non-existent mailboxes; the default cPanel Exim config couldn't handle all the garbage. I made some changes and it's no longer affecting us in a significant manner.
They are still coming, not sure what the point of these is. I just checked the logs and in the past 6 hours 60,000 have come in. It's been like this non-stop for a couple of weeks, all unique IPs, so banning them does not work.
James Jhurani
Mar 19 2008, 04:03 PM
Enable RBLs; it won't stop it, but it will help.
agruetz
May 5 2008, 12:16 PM
QUOTE (jjhurani @ Mar 19 2008, 10:03 PM)

Enable RBLs; it won't stop it, but it will help.
Packetbl + iptables w/ the right iptables rules and blacklists should effectively slow and/or stop this altogether.
nibb
May 25 2008, 10:30 AM
Why don't you get Spirus from The Planet? It will protect your mail server from mail bombs and attacks. Or you can get Postini or Mailfoundry too.