Comments on: Old & tired:: Open Relay. New Hotness:: Brute-force SMTP AUTH

By: ady wicaksono

ady wicaksono — Fri, 14 Mar 2008 13:50:35 +0000

Decrase aja size thread stack mysql so you will have a lot of mysql connection

By: sufehmi

sufehmi — Fri, 14 Mar 2008 07:49:15 +0000

@ryosaeba - thanks for the idea.
.
I looked around, and found fail2ban. I like it very much because (1) it uses existing info (logfiles) instead of adding more burden to the system (2) utilizes iptables / proven (3) works for any services [not just postfix]
.
Will give it a try.
.
@Tom - thanks, but I really need the SQL backend, because it makes management & maintenance much more easier to do.
.
With fail2ban, I may be able to restore Postfix’s max smtpd processes number to 100 again soon.
.
@neuralgin - thank you too, but postgrey is limited to postfix, and can be easily bypassed (just retry again). So I think I’ll try fail2ban first.

By: Chas

Chas — Fri, 14 Mar 2008 04:44:56 +0000

There is a nice little delay for comment spam. There should be one for password function as well. One attempt every 3 seconds should be enough.

By: neuralgin

neuralgin — Fri, 14 Mar 2008 03:04:09 +0000

i think that postgrey http://postgrey.schweikert.ch could help you

By: Tom

Tom — Fri, 14 Mar 2008 00:09:10 +0000

@ryoseba: If you want to keep track of which IPs have failed, and which are working, you need to store state some place. So you store state in the database, or wait, that is what is overloaded…

Others hack in the ability to call out to iptables, and add a automatically expiring block on that IP. This works. You still need to keep the state, but the traffic goes a way after a while.

By: ryosaeba

ryosaeba — Thu, 13 Mar 2008 23:37:56 +0000

harry, the comment by “admin” is a spam. and for your problem, probably you should think about extra security measures, such as 3 or more repeated and failed relay attempt within a minute would result that particular IP address banned to connect for let’s say 1 hour.

By: Tom

Tom — Thu, 13 Mar 2008 22:27:55 +0000

It is probably not a good idea to connect an SQL database to your mail server. And never do this at all, unless the SQL server is dedicated.

If you can’t dedicate an SQL server for mail authentication, use LDAP. Use a script to push the data from SQL into LDAP. You will find that since LDAP is key-value based, it is at least an order of magnitude faster than any SQL database, including MySQL.

By: arrohwany

arrohwany — Thu, 13 Mar 2008 20:24:42 +0000

Its Cool…

By: sufehmi

sufehmi — Thu, 13 Mar 2008 18:03:41 +0000

@samsul - I guess I should be thankful for that, indeed.
.
However, even when failing, they’re still a great nuisance.
.
I was talking with my friends at Indosat, evangelizing virtualization technologies to them. They were most interested, and I kept on giving the solutions to them - until they mentioned about their spam-filter server.
.
They said that the (very powerful) server is always at more than 80% cpu utilization.
.
I said, leave the server alone
Don’t virtualize it.
.
Spammers causes loses to others. Much more than even I imagined.

By: Samsul

Samsul — Thu, 13 Mar 2008 17:10:57 +0000

The good thing is that the spammer didn’t make his way through your SMTP, rite? I hate them, I once experienced a spammer gotten into my account, filling mySql with junks. Took my time to clean it up.