Dealing with SMTP invalid-command attacks


8

Over the past few days our moderately busy mail server (sendmail) has been getting many inbound connections from hosts that issue garbage commands.

In the last two days:

  • inbound SMTP connections with invalid commands from 39,000 unique IPs
  • the IPs come from all over the world, not just a handful of networks I could block
  • the mail server serves users across North America, so I cannot simply block connections from unknown IPs
  • example bad commands: http://pastebin.com/4QUsaTXT

Apart from annoying me, I am not sure what anyone would accomplish with this kind of attack.

Any ideas, or any effective way to deal with it?


1
Since this traffic has nothing to do with SMTP, I wonder whether some layer-7 firewall could drop it before it reaches sendmail.

Answers:


4

There is at least one way to block these connections once they start spewing errors. Valid, well-behaved clients should never get caught by it.

dnl # New option in v8.14.0
dnl # Override default limit (of 20) NOOPs (invalid or unsupported SMTP
dnl #   commands) before daemon will throttle connection by slowing
dnl #   error message replies (similar to "confBAD_RCPT_THROTTLE")
define(`MaxNOOPCommands', `5')dnl

You can also use the GreetPause feature, which will reject these clients because they are unlikely to honour the pause. You can read more about it here: http://www.deer-run.com/~hal/sysadmin/greet_pause.html

dnl # New feature in v8.13.1 (not listed in Companion)
dnl # Set time in milliseconds before sendmail will present its banner
dnl #   to a remote host (spammers won't wait and will already be
dnl #   transmitting before pause expires, and sendmail will
dnl #   refuse based on pre-greeting traffic) 5000=5 seconds
dnl # NOTE: Requires use of FEATURE(`access_db') and "GreetPause" entries
dnl #       in access table
FEATURE(`greet_pause',`5000')dnl
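As an added example that is not part of the original answer and not sendmail's own code: a small Python model of the two mechanisms above, a greet pause that refuses any client which talks before the banner, and a limit on unrecognised commands, exercised against three constructed clients (a well-behaved MTA, a bot that only sends junk, and a bot that sends before the banner). The hostnames, the command lines, the 0.5 s pause and the 421 cut-off past the limit are assumptions made for the demo; real sendmail slows its error replies after MaxNOOPCommands rather than closing, and as the answer notes, per-host GreetPause exemptions live in the access table.

```python
import socket
import threading

# Constructed demo values; the hostnames are hypothetical.
BANNER = b"220 mail.example.test ESMTP\r\n"
KNOWN_VERBS = {b"EHLO", b"HELO", b"MAIL", b"RCPT", b"DATA", b"RSET", b"NOOP", b"QUIT"}

# Constructed client sessions: a well-behaved MTA, and a bot that only speaks junk.
POLITE_LINES = [b"EHLO client.example.test\r\n",
                b"MAIL FROM:<alice@example.test>\r\n",
                b"RCPT TO:<bob@example.test>\r\n",
                b"QUIT\r\n"]
JUNK_LINES = [b"GET / HTTP/1.0\r\n", b"hello\r\n", b"USER admin\r\n",
              b"\x16\x03\x01\r\n", b"?\r\n", b"xyzzy\r\n"]


def serve_one(listen_sock, pause_s, max_bad, results):
    """Handle one connection, mimicking the two sendmail options.

    greet_pause: hold the banner for pause_s seconds; any bytes that arrive
    before it are pre-greeting traffic and the client is refused with 554.
    MaxNOOPCommands: count unrecognised commands; past max_bad the session is
    ended with 421 (an assumption for this demo: sendmail slows its error
    replies instead, which would make the demo slow to run).
    """
    conn, _ = listen_sock.accept()
    with conn, conn.makefile("rb") as reader:
        conn.settimeout(pause_s)
        try:
            early = conn.recv(1024)
        except socket.timeout:
            early = b""  # silence during the pause: the client waited for us
        if early:
            conn.sendall(b"554 mail.example.test ESMTP not accepting messages\r\n")
            results.append({"verdict": "pre-greeting", "bad": 0})
            return
        conn.sendall(BANNER)
        conn.settimeout(2.0)
        bad = 0
        try:
            for line in reader:
                verb = line.split(b" ", 1)[0].strip().upper()
                if verb == b"QUIT":
                    conn.sendall(b"221 2.0.0 Bye\r\n")
                    break
                if verb in KNOWN_VERBS:
                    conn.sendall(b"250 2.0.0 OK\r\n")
                    continue
                bad += 1
                if bad > max_bad:
                    conn.sendall(b"421 4.7.0 Too many bad commands\r\n")
                    break
                conn.sendall(b"500 5.5.1 Command unrecognized\r\n")
        except (socket.timeout, OSError):
            pass  # idle or vanished client: just drop it
        results.append({"verdict": "greeted", "bad": bad})


def smtp_client(port, lines, wait_for_banner=True):
    """Send lines one at a time and return the 3-digit code of every reply."""
    codes = []
    with socket.create_connection(("127.0.0.1", port), timeout=5.0) as s:
        if wait_for_banner:
            codes.append(s.recv(1024)[:3].decode())
        for line in lines:
            s.sendall(line)
            codes.append(s.recv(1024)[:3].decode())
    return codes


def run_scenario(lines, wait_for_banner=True, pause_s=0.5, max_bad=5):
    """Run one client session against a fresh server on an ephemeral port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    results = []
    worker = threading.Thread(target=serve_one, args=(srv, pause_s, max_bad, results))
    worker.start()
    try:
        codes = smtp_client(srv.getsockname()[1], lines, wait_for_banner)
    finally:
        worker.join()
        srv.close()
    return results[0], codes


if __name__ == "__main__":
    for label, lines, wait in (("polite", POLITE_LINES, True),
                               ("junk", JUNK_LINES, True),
                               ("impatient", [b"EHLO spam.invalid\r\n"], False)):
        result, codes = run_scenario(lines, wait)
        print(f"{label:10s} server={result} replies={codes}")
```

Running it shows why legitimate clients are not affected: the polite session waits for the 220 banner and never trips either limit, the junk session gets five 500 replies and is then cut off, and the bot that sends before the banner is refused outright with 554 without ever seeing a greeting.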

Licensed under cc by-sa 3.0 with attribution required.