John, since the attache is comming from multiple servers, i cannot blcok a single IP. and the acess.db file would still require sendmail to at least look at the incomming mail.i.e starting aprocess for it. i need something that happends before the mail reaches the sendmail process... sort of like a gate keeper, that checks the mail recipient and checks if it's aviable or not, before it hads it to sendmail for delivery. regards -----Original Message----- From: John Andersen [mailto:jsa@pen.homeip.net] Sent: Saturday, November 02, 2002 10:23 AM To: Evert Smit; suse-security@suse.com Subject: Re: [suse-security] DOS on sendmail daemon On Friday 01 November 2002 11:55 pm, Evert Smit wrote:
Hi List,
i am having a security issue sort of, and was wondering if you know any solutions to this. Someone is bombarding my server with mail, forcing sendmail to run the max allowed child processes and start to reject requests to send mail. what techniques could i use to filter the traffic to sendmail before it acctually hits the daemon, and therefor prevent the high load on it?
regards Evert Smit
If you have a firewall installed, simply block that IP. Iptables can do this for you. I use www.shorewall.net to set it up but I suspece susefirewall will do it too. You could also do this with the access.db but its better to block them with iptables. -- _________________________________________________ No I Don't Yahoo! And I'm getting pretty sick of being asked if I do. _________________________________________________ John Andersen / Juneau Alaska -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here