Brian Szymanski wrote:
> Does anyone have any ideas for dealing with a DDOS? We're currently
> getting slammed with bogus bounce messages to the tune of 1.5 million a
> day, and it's hard for regular clients to get a word in edgewise. We've
> made sure all of our clients are using SSL instead of TLS since that
> port doesn't get hit by bounces, which ensures internal emails get thru,
> but we're wondering if we have reliable delivery from outside at this point.

Along with the other suggestions you've been given (e.g. make sure you are
validating the destination e-mail address as early as possible), you might want
to consider adding a different blacklist. I just recently added
dul.dnsbl.sorbs.net to our list (along with zen.spamhaus.org and our internal
listing), because I was getting a lot of spam from Chinese IP blocks which were
too diverse to play whack-a-mole. The DUL list specifically blocks known
dynamically allocated IP blocks.

If this is a true DDOS, and not just blowback from a distributed spam run, the
hosts that are hitting you are very likely to be zombies located on dynamic
blocks, *not* legitimate e-mail servers. Your risk of blocking legitimate
e-mail should be very low (i.e. I have not, in the last month, had a single
report of a legitimate server with a dynamic IP address being blocked).
Obviously if you go this route, you are strongly urged to have an internal DNS
whitelist ready to go, just in case you do need to whitelist more than a few



Discussion Overview
group: qpsmtpd @
posted: Aug 11, '07 at 1:13a
active: Aug 16, '07 at 5:44p
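
Added example, not part of the original post and not qpsmtpd's own code: a Python sketch of the lookup order the reply recommends, with an internal DNS whitelist consulted before the blacklists. The zone whitelist.example.internal, the function names and the sample DNS answers are assumptions made for illustration; the two blacklist zones are the ones named in the post.

```python
import ipaddress
import socket

# Blacklist zones named in the post; the whitelist zone is a hypothetical placeholder.
BLACKLISTS = ("zen.spamhaus.org", "dul.dnsbl.sorbs.net")
WHITELIST = "whitelist.example.internal"  # assumption: your internal DNS zone

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return the A record for name, or None when it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None  # NXDOMAIN or lookup failure: treated as "not listed"

def is_listed(ip, zone, resolve):
    # DNSBLs answer in 127.0.0.0/8; any other answer (for example from a
    # resolver that rewrites NXDOMAIN) must not count as a listing.
    answer = resolve(dnsbl_name(ip, zone))
    return answer is not None and answer.startswith("127.")

def check_client(ip, resolve=system_resolver):
    """Return (verdict, zone). The whitelist is consulted before any blacklist."""
    if is_listed(ip, WHITELIST, resolve):
        return ("accept", WHITELIST)
    for zone in BLACKLISTS:
        if is_listed(ip, zone, resolve):
            return ("reject", zone)
    return ("accept", None)

# Constructed sample data standing in for DNS answers (documentation IP ranges).
SAMPLE_DNS = {
    "7.2.0.192.dul.dnsbl.sorbs.net": "127.0.0.10",
    "9.100.51.198.dul.dnsbl.sorbs.net": "127.0.0.10",
    "9.100.51.198.whitelist.example.internal": "127.0.0.2",
}

if __name__ == "__main__":
    for client in ("192.0.2.7", "198.51.100.9", "203.0.113.5"):
        print(client, check_client(client, SAMPLE_DNS.get))
```

The second sample address is on the dynamic-IP list but is accepted because the whitelist is checked first, which is the case the internal whitelist exists for.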


