Hosting Provided By

Re: [OT] Seeing increase in smtp concurrency ?

From: mouss <mouss(at)netoyen.net>
Date: Thu Sep 06 2007 - 18:52:00 EDT

Aaron Wolfe wrote:

> On 9/6/07, Jeff Chan  wrote:
>

>> Quoting Rajkumar S <rajkumars@gmail.com>:
>>
>>
>>> Hi,
>>>
>>> Does any one seeing increasing smtp concurrency for the past couple of
>>> weeks? I run couple of (qmail/simscan/spamassassin) mail servers and
>>> all experience the same problem. The spam does not increase, but this
>>> is hogging my mail servers. Probably a new crop of spamming tools?
>>>
>>> I am attaching one qmail-mtrg graph that shows the problem.
>>>
>>> http://img403.imageshack.us/img403/2224/smtpmonthyq4.png
>>>
>>> raj
>>>
>>>
>> Some botnets are starting to hold mail connections open for much longer
>> after
>> getting a 5xxx blacklist response. Reason is unknown; could be coding
>> errors
>> or deliberate. Many people are changing their smtpd timeouts form the RFC
>> 300
>> seconds down to 45 seconds:
>>
>> http://blogs.msdn.com/tzink/archive/2007/09/01/new-spamming-tactic.aspx
>>
>> Here's the postfix for it:
>>
>>
>> ## to deal with botnets not hanging up
>> # Drop default from RFC limit of 300s to 45s
>> #
>> smtpd_timeout = 45s
>>
>>
>> Some people are even using 10 seconds, which seems short to me. The RFC
>> requires 300 seconds.
>>
>> Jeff C.
>>
>>

>
>
>
> Same problem here on several servers.  Reducing the timeout helps, but
> violates RFC and is simply reducing the effects rather than fixing the
> issue.  Is there any RFC valid way for a server to hang up on a client,
> especially after a 5xx?
>

If you suspect this is a zombie (pbl.spamhaus.org, generic rDNS, "farway", completely broken smtp client...), then return 421 and close the connection instead of return 5xx. Received on Thu Sep 6 18:41:39 2007

This message: [ Message body ]
Next message: mouss: "Re: Maybe I'm dense..."
Previous message: mouss: "Re: HOME of non-existing users"
In reply to: Aaron Wolfe: "Re: [OT] Seeing increase in smtp concurrency ?"
Next in thread: Matus UHLAR - fantomas: "Re: [OT] Seeing increase in smtp concurrency ?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sat Oct 27 2007 - 00:44:37 EDT