Unfortunately it is not, Miguel, here is how the attack happens. Some idiot is sending thousands of mails with the wrong header to other mail servers. Those reject the mail because the user is unknown and send the notification to my domain, and this is how the sendmail gets overloaded. Stupid but simple, so I need an agent checking all mails before they come to sendmail, basically the same idea as inetd managing port 25 and handing it to sendmail. This agent should allow defining some rules like: accept for this and this mail address, but deny all the rest. And since I am running multiple domains on this server, it should only affect one domain.

regards

-----Original Message-----
From: Miguel Albuquerque [mailto:mfoacs@e-workshop.ch]
Sent: Saturday, November 02, 2002 9:49 AM
To: Evert Smit
Cc: suse-security@suse.com
Subject: Re: [suse-security] DOS on sendmail daemon

Evert Smit wrote:
> John,
> since the attack is coming from multiple servers, I cannot block a single IP. And the access.db file would still require sendmail to at least look at the incoming mail, i.e. starting a process for it. I need something that happens before the mail reaches the sendmail process... sort of like a gatekeeper that checks the mail recipient and checks if it's available or not, before it hands it to sendmail for delivery.

But you can block an IP range, i.e. 192 REJECT will block all of network 192.x.x.x.

--
 .-.    e-SecureNet
 /v\    We Run SuSE                Project Manager
// \\   *The LINUX Experts*        c/o Miguel Albuquerque
/( )\   Av. Miremont 46
^^-^^   1202 - GE, SWITZERLAND
Tel: +41 (22) 782 5344   Fax: +41 (22) 782 5348
mailto:mfoacs@e-securenet.ch   http://www.e-securenet.ch
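The two mechanisms discussed in this thread, the per-domain recipient "gatekeeper" Evert asks for and the `192 REJECT` range entry Miguel mentions, as an added example that is not part of this thread and not sendmail's own code: a small Python policy that evaluates a sendmail-style access map by dropping trailing octets (so the most specific entry wins) and, for one protected domain only, accepts just the listed recipients at RCPT TO time, before anything is handed on to the MTA. The map entries, domain, addresses and IPs are constructed for the example; the `AccessPolicy` and `handle_session` names are assumptions, not a real API.

```python
"""Recipient gatekeeper policy (constructed example, not sendmail's code)."""
from dataclasses import dataclass, field


@dataclass
class AccessPolicy:
    # sendmail-style access map: client IP prefix or "To:" address -> action.
    # Keys and actions here are constructed for this example.
    access: dict = field(default_factory=dict)
    # protected domains: domain -> set of local parts that exist there.
    # Only these domains get recipient checks; other domains are untouched.
    protected: dict = field(default_factory=dict)

    def connect_decision(self, client_ip: str) -> str:
        """Look up the client IP the way the access map does: full address
        first, then drop trailing octets, so '192' covers all of 192.x.x.x
        while a more specific '192.0.2' entry still wins over it."""
        octets = client_ip.split(".")
        for n in range(len(octets), 0, -1):
            action = self.access.get(".".join(octets[:n]))
            if action is not None:
                return action
        return "OK"

    def rcpt_decision(self, address: str) -> str:
        """Decide at RCPT TO time, before the message reaches the MTA."""
        if "@" not in address:
            return "REJECT"  # malformed recipient, never worth a process
        local, _, domain = address.lower().rpartition("@")
        # Explicit To: entries take precedence over the per-domain allowlist.
        for key in (f"To:{local}@{domain}", f"To:{domain}"):
            action = self.access.get(key)
            if action is not None:
                return action
        allowed = self.protected.get(domain)
        if allowed is None:
            return "OK"  # not a protected domain: hand through unchanged
        return "OK" if local in allowed else "REJECT"


def handle_session(policy: AccessPolicy, client_ip: str, recipients: list) -> list:
    """Simulate the gatekeeper's SMTP replies for one session (constructed helper).
    A rejected client never gets to RCPT; an unknown recipient in a protected
    domain is refused here, so no delivery attempt and no bounce is generated."""
    if policy.connect_decision(client_ip) == "REJECT":
        return ["550 5.7.1 Access denied"]
    replies = []
    for rcpt in recipients:
        if policy.rcpt_decision(rcpt) == "OK":
            replies.append("250 2.1.5 Recipient ok")
        else:
            replies.append("550 5.1.1 User unknown")
    return replies


if __name__ == "__main__":
    # Constructed policy: block 192.x.x.x except 192.0.2.x, protect example.com.
    demo = AccessPolicy(
        access={"192": "REJECT", "192.0.2": "OK", "To:abuse@example.com": "OK"},
        protected={"example.com": {"evert", "postmaster"}},
    )
    for ip, rcpts in [("192.168.5.5", ["evert@example.com"]),
                      ("203.0.113.7", ["evert@example.com", "nobody@example.com",
                                       "anyone@other.example"])]:
        print(ip, handle_session(demo, ip, rcpts))
```

Only the protected domain is affected: recipients at any other domain hosted on the same box pass straight through, which is the constraint Evert set for a multi-domain server.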