Dictionary Attacks

[DAve]

Martin Hepworth wrote:
> DAve wrote:
>> I spoke to soon last week. Staring Friday we came under a heavy old 
>> fashioned dictionary attack. Each day from noon until 4pm EDT.
>>
>> The IPs are so widely scattered it seems it would do no good to track 
>> them. Right now milter-grey is consuming over 50% of my CPUs. If it 
>> follows the same course as the prior days, about the time the attack 
>> on one server starts to ease up it will increase on the next server.
>>
>> Milter-ahead is dealing with the connections that return. It could 
>> turn into a DOS with a few thousand more connections. Funny but there 
>> are so many connections for non-existant accounts that my load has 
>> fallen nearly to the floor. There is no traffic for MailScanner to 
>> operate on, the server is so dang busy telling zombies to go away.
>>
>> There has to be a better way to make a living than this 8^(
>>
>> DAve
>>
> Dave
> 
> if you've paid for milter-ahead shouldn't it merely reject rctp-to that 
> don't exist????
> 
> Or is it the sheer number of connections that are killing you?
> 

Sheer number of connections. Right now Milter-grey is handling all it 
can on all three servers. What does come back is getting caught by 
Milter-ahead. I've changed my timeouts on Sendmail to as low as I dare 
and that has helped kick them off earlier it seems.

DAve

-- 
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?

Maybe they forgot who made that choice possible.