[Mimedefang] monkeys.dom UPL being DDOSed to death

Mike Heller mike at dsny.com
Wed Sep 24 12:59:47 EDT 2003

  I am one of the people using Ron's DNSBL to filter mail on my server 
(or at least was using).  During the DDOS attack, our mail server slowed 
to a crawl and I noticed that there were a lot of sendmail processes 
running.  I'm assuming that each one was looking up the IP in Ron's DNS 
and each one had to time out before it could continue.  After a while, 
our mail server stopped accepting mail, which is not a good thing.

As we have discussed on this list, it's not the first time this has 
happened nor will it be the last.  If that is the case, is there 
anything I can do to prevent my server from dying next time?  Can I 
reduce the timeout period?  Are there any other measures I can take to 
help prevent this from happening again?  Zone transfers would seem like 
an option as I could just have the list locally, but that seems to put 
more work on the list maintainer since he would have to authorize a lot 
of servers.

Thanks for any help you can provide.
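
The failure mode described in this post (every mail-handling process waiting out a full DNS timeout against an unreachable blocklist zone) can be bounded by a per-lookup deadline plus a breaker that stops querying the zone after repeated timeouts and accepts mail in the meantime. The sketch below is an added example, not part of the original post and not MIMEDefang or sendmail code; the class name, the `resolve(name, timeout)` callable, the zone `dnsbl.example` and the thresholds are all assumptions.

```python
import ipaddress
import time

def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: 192.0.2.25 in zone Z -> 25.2.0.192.Z"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

class GuardedDNSBL:
    """DNSBL check that fails open and stops querying a zone that keeps timing out."""

    def __init__(self, zone, resolve, timeout=2.0, max_failures=3,
                 cooldown=300.0, clock=time.monotonic):
        self.zone = zone
        self.resolve = resolve        # hypothetical callable: resolve(name, timeout) -> bool
        self.timeout = timeout        # seconds allowed per lookup (assumed value)
        self.max_failures = max_failures
        self.cooldown = cooldown      # seconds to skip the zone once tripped
        self.clock = clock
        self.failures = 0             # consecutive failed lookups
        self.skip_until = 0.0

    def check(self, ip):
        """Return True (listed), False (not listed) or None (no answer: accept the mail)."""
        now = self.clock()
        if now < self.skip_until:
            return None               # breaker open: no DNS query is sent at all
        try:
            listed = self.resolve(dnsbl_query_name(ip, self.zone), self.timeout)
        except (TimeoutError, OSError):
            self.failures += 1
            if self.failures >= self.max_failures:
                self.skip_until = now + self.cooldown
                self.failures = 0
            return None               # fail open instead of blocking delivery
        self.failures = 0
        return bool(listed)

def demo():
    """Constructed scenario: the zone is unreachable, so every query times out."""
    sent = []
    def dead_zone(name, timeout):     # stand-in resolver, raises immediately
        sent.append(name)
        raise TimeoutError(name)
    bl = GuardedDNSBL("dnsbl.example", dead_zone, clock=lambda: 0.0)
    results = [bl.check("192.0.2.25") for _ in range(10)]
    return results, sent              # ten accepts, but only three queries sent
```

In a real deployment the `resolve` callable has to enforce the timeout itself, since the breaker only counts failures and does not interrupt a blocked lookup.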


