Protect from DoS?

Matt Kettler mkettler at EVI-INC.COM
Wed Nov 2 01:38:42 GMT 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Devon Harding wrote:
> How can I protect my MailScanner/sendmail server against DoS attacks? 


Well, that's at least a 300 page book.. Is there some specific aspect of DoS
protection you're interested in?

I'll take it from the sendmail perspective, and keep it brief.

In general, you'll never get to 100% DoS proof on a mailserver, short of
unplugging it. But, you can make yourself a lot more resistant to DoS attacks.

First things to do are to enforce some basic limits in your sendmail.mc. Here's
a quick sample of some important settings to consider. Although you might want
different settings than these, it's a quick reference of some things to consider.

#suggested options for privacy reasons:
define(`confPRIVACY_FLAGS',`needmailhelo,authwarnings,novrfy,noexpn,restrictqrun')
#put up a banner stating that UCE is prohibited
define(`confSMTP_LOGIN_MSG', `$j Unsolicited Commercial Email prohibited')

#Some minor DoS protection:
#limit the number of sendmail children
define(`confMAX_DAEMON_CHILDREN', 50)
#no more than 500 connections per second.
define(`confCONNECTION_RATE_THROTTLE',500)

#limit messages to 1gig max. This is pretty huge.
define(`confMAX_MESSAGE_SIZE', 1000000000)

#don't accept mail if less than 1mb of space in queue partition
define(`confMIN_FREE_BLOCKS', 1000)

#Limit email messages to at most 32kb of headers
define(`confMAX_HEADERS_LENGTH', 32768)

#at most 150 recepients per message
define(`confMAX_RCPTS_PER_MESSAGE', 150)

#after 15 invalid recpipients, start slowing them down with
#1 second sleeps (dictionary attack control)
define(`confBAD_RCPT_THROTTLE',15)

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list