DOS Attack on Mail Server

Gerry Doris gerry at dorfam.ca
Fri Sep 20 15:07:18 IST 2002


> On Thu, Sep 19, 2002 at 09:30:55PM -0700, Steve Evans wrote:
>
>> Anyways, my point.  Could mailscanner somehow detect this and stop
>> sendmail from accepting the messages.
>
>
> No, but sendmail (and Exim and any other decent MTA) can be configured
> to refuse connections when the disk is too full.
>
>
> Cheers,
>
>
> Nick

I seem to be attracting all the internet nuts these days???  The night
before last the lastest nut (I think it's him) tried to crash my mail
server using some kind of mail bomb script.

Just after 4:00am my logs show that suddenly sendmail's load increased to
12 and sendmail stopped receiving for 15 seconds.  This happened several
times in a row but didn't have any lasting effects.  The same situation
occurred at 6:00am and then again at 12:00 noon.  The default sendmail
config handled the nonsense in stride.

It looks like the script used just openned the hand shaking repeatedly as
there wasn't any other indication in the logs (ip address etc) of what had
occurred other than the sendmail notices about load max'ing out.

Gerry



More information about the MailScanner mailing list