Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
postfix and extreme high latency - Denial of service like
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
centran
n00b
n00b


Joined: 02 Nov 2005
Posts: 18

PostPosted: Sat Mar 06, 2010 12:37 am    Post subject: postfix and extreme high latency - Denial of service like Reply with quote

I am having a weird problem. When I have postfix running and accepting connection the latency on my machine goes through the roof. I get 1500+ ms pings to google and a bunch of lost packets. It is almost like a DOS.
I have deleted deferred mail in case that was causing a problem. I have checked that the machine isn't an open relay.

If I shut down postfix for awhile then latency goes back to normal for a couple of minutes.
tcpdump show a yahoo mail server continually trying to connect to me an insane amount of times.
IP mta-v1.mail.vip.sp2.yahoo.com.smtp > core.37121: . ack 136801 win 8280 <nop,nop,timestamp[|tcp]>
I doubt yahoo is trying to DOS me. Is there something wrong at there end? Is there something wrong my server might be doing?

Any help would be appreciated. Even a point in the right direction.
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 6727

PostPosted: Sat Mar 06, 2010 3:11 am    Post subject: Reply with quote

You could try contacting yahoo's abuse address about it.

Failing that, you could throttle or block them using iptables. Something like this:
Code:
iptables -N mailspam
iptables -A INPUT -p tcp --dport smtp --syn -s 98.136.0.0/14 -j mailspam
iptables -A mailspam -m limit --limit 2/min -j ACCEPT
iptables -A mailspam -j REJECT
Back to top
View user's profile Send private message
centran
n00b
n00b


Joined: 02 Nov 2005
Posts: 18

PostPosted: Sat Mar 06, 2010 5:08 pm    Post subject: Reply with quote

Good idea. I just threw them into hosts.deny for 5 minutes. It sopped after that.
I was just worried my machine might have sent some weird or garbled request or my machine wasn't acknowledging a request properly so they just kept sending.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum