From mboxrd@z Thu Jan  1 00:00:00 1970
Mime-Version: 1.0 (Apple Message framework v753.1)
In-Reply-To: <91428b31c1ef98ddc01e31bf249b0b7a@quanstro.net>
References: <91428b31c1ef98ddc01e31bf249b0b7a@quanstro.net>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <A94D35CE-A3CD-4D8F-902F-FB7D214A55AA@ar.aichi-u.ac.jp>
Content-Transfer-Encoding: 7bit
From: Kenji Arisawa <arisawa@ar.aichi-u.ac.jp>
Date: Sat, 22 Nov 2008 06:33:25 +0900
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] (no subject)
Topicbox-Message-UUID: 507d60cc-ead4-11e9-9d60-3106f5b1d025

Hello,

If such an attack continues for some minutes and the server does not
reject the connections
the server will create thousands of smtpd processes and might be hung
up.

Kenji Arisawa

On 2008/11/22, at 3:28, erik quanstrom wrote:

> Subjet: email attacks
>
> since our friends in sweeden helped out our spammer friends
> get back on line, i've seen a lot more attacks.  today i've been
> getting ~10 connections/sec.  fortunately its from a small
> number of machines, so this trick helps alot:
>
> /n/dump/2008/1121/sys/src/cmd/upas/smtp/smtpd.c:348,353 - smtpd.c:
> 348,355
>   				if(!qflag)
>   					syslog(0, "smtpd", "Hung up on %s; "
>   						"claimed to be %s", nci->rsys, him);
> + 				if(Dflag)
> + 					sleep(delaysecs()*1000);
>   				reply("554 5.7.0 Liar!\r\n");
>   				exits("client pretended to be us");
>   				return;
>
> oddly, i've found that adding a few of the hosts as -k flags stops
> the attack
> entirely.
>
> - erik
>
>