- Posts: 2
- Joined: 14 Feb 2019, 15:07
Suggestion - block Exim attacks that are designed to degrade server performance:
Log files below of the issue (IP used is arbitrary). CentOS 7 server.
2019-02-13 18:51:46.727  no MAIL in SMTP connection from [184.108.40.206]:53797 I=[xx.xx.xx.xx]:25 D=10s
2019-02-13 18:51:57.453  no MAIL in SMTP connection from [220.127.116.11]:57662 I=[xx.xx.xx.xx]:25 D=10s
2019-02-13 18:52:08.176  no MAIL in SMTP connection from [18.104.22.168]:62178 I=[xx.xx.xx.xx]:25 D=10s
2019-02-13 18:52:18.922  no MAIL in SMTP connection from [22.214.171.124]:51659 I=[xx.xx.xx.xx]:25 D=10s
Hundreds or thousands of these within seconds, many times from numerous IPs. Limit connections doesn't catch them.
I would like to see a perm block triggered after 5 such fails in any 1 second period.
Thanks for the consideration
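The rule requested above (5 "no MAIL" connections from one IP inside any 1-second window), sketched as an added example that is not part of the original thread and is not csf/lfd code. The function names, parameters and sample log lines are constructed for illustration, and the block action itself is left to the firewall.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Exim main-log line as shown in the post: timestamp, optional [pid], message, remote [ip].
NO_MAIL = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(?:\.\d+)?)\s+(?:\[\d+\]\s+)?"
    r"no MAIL in SMTP connection from [^\[]*\[([0-9A-Fa-f.:]+)\]"
)

def parse(line):
    """Return (timestamp, remote_ip) for a 'no MAIL' line, else None."""
    m = NO_MAIL.match(line)
    if not m:
        return None
    ts, ip = m.groups()
    fmt = "%Y-%m-%d %H:%M:%S.%f" if "." in ts else "%Y-%m-%d %H:%M:%S"
    return datetime.strptime(ts, fmt), ip

def offenders(lines, threshold=5, window=timedelta(seconds=1)):
    """Map each IP to the time it first reached `threshold` hits inside `window`.
    Assumes lines arrive in log (chronological) order."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        hit = parse(line)
        if hit is None:
            continue
        ts, ip = hit
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:   # drop hits older than the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged

# Constructed sample: 192.0.2.10 bursts 5 times in 0.4 s; 198.51.100.7 retries ~10 s apart.
SAMPLE = [
    f"2019-02-13 18:51:46.{ms:03d}  no MAIL in SMTP connection from [192.0.2.10]:5{ms:03d} I=[203.0.113.5]:25 D=0s"
    for ms in (100, 200, 300, 400, 500)
] + [
    "2019-02-13 18:51:46.727  no MAIL in SMTP connection from [198.51.100.7]:53797 I=[203.0.113.5]:25 D=10s",
    "2019-02-13 18:51:57.453  no MAIL in SMTP connection from [198.51.100.7]:57662 I=[203.0.113.5]:25 D=10s",
    "2019-02-13 18:52:00.000  SMTP connection from [192.0.2.10]:40000 I=[203.0.113.5]:25 closed by QUIT",
]

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE).items():
        print(f"{ip} reached the threshold at {when}")
```

A per-IP threshold like this does not fire for the second sample address, whose connections are about 10 seconds apart, the same spacing as in the log excerpt above.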
- Posts: 12
- Joined: 25 Feb 2014, 16:26
Your suggestion is the one at all. It was implemented a long time ago and has nothing to do with exim. Simply remove the initial signature until the IP and have permanent blocking activated. I have been using this for years now.