Greetings all,
Last Saturday, I implemented R6.0.1 on our SMTP server to help combat the problem with spam. Not just spam, all of the emails that we get daily addressed to bogus addresses. I have been working with Lotus on an issue, and wanted to open it up to everyone here for discussion.
Like I said, I installed 6.0.1, and enabled 5 DNSBL lookups. They are:
I also enabled the “Verify that local domain recipients exist in the Domino Directory:” option.
First two days, worked great. Spam was down by a sizeable margin, and everyone was happy. Then, the bad stuff hit. Over the past three days, there have been periods on my server where no mail will be delivered. I will have NUMEROUS connections, and the Blacklists will do their look-ups, but, nothing will be delivered. Lotus, (who has done an awesome job helping me out), had me put some extra logging in place to see what’s going on with the email conversations when this hits. According to them, the spammers are not disconnected from my server after they are told to by the SMTP command, and they will fill up the thread with a bunch of crap. If I restart the SMTP task, the problem will go away for a while. Anyone else out there seen this problem?
If what Lotus says is true, this is a large security hole. I can do a DOS attack against a Domino SMTP server simply by not disconnecting when I am asked to?
Subject: DOS attacks like that are probably possible w/ all smtp servers
It really depends how many threads you can hold open. The SMTP protocol does do automatic retries though, so you’ll get the mail eventually unless the DOS attacker keeps those threads open for a week…
Like Bill says, this is most probably inbound pipelining. Turn it off and see what happens.
Also, you don’t need Relays.osirusoft.com and sbl.spamhaus.org. The relays.osirusoft zone includes the sbl, spews and spamsites along with osirusoft’s own open relays and other lists.
I would not use any lists at dorkslayers either. If you want a really good list of open relays, HTTP and socks proxies, try list.dsbl.org. DSBL is remarkably effective against relay and proxy abuse.
Just to let everyone know for future reference, I have yet to have a bottleneck occur today after going into the settings and disabling it. Thanks to all for the help!
Yes, it’s late, but hopefully will prevent new R6 folks from adding it to their lists. Yes, it’s blacklisting the world:
8/26/03 - Osirusoft, distributor of the SPEWS and open relay blocklists, among others, is no longer operational. Servers using these lists (including the FTC) are currently rejecting ALL email. This shutdown is in response to the previous several-week-long DDoS attack on Osirusoft, SPEWS and others, resulting in both sites being down.
I have this same problem. If I do Show Tasks, there are literally hundreds of SMTP connections, it says “SMTP Server Providing service for xxx.xxx.xxx.xxx” (of course, with the actual IP Address). But no mail comes in. I think it may be that the dnsbl lookups are too slow, they bog down the DNS service or something, and it just clogs the whole SMTP server up. Turning off pipelining did nothing to fix this. Only thing that works is turning off the DNSBL filter, unfortunately.
Please post again if you have any luck finding a solution. In the meantime, I am going to go from 6.0 to 6.0.1 and also try setting up a local DNS server with a downloaded DNSBL zone list…
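Both failure modes in this thread, a dead list that ends up rejecting all mail and lookups that stall the SMTP threads, can be caught by probing a zone before trusting it. The following is an added example, not part of any post above and not Domino's own logic: it checks the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not) and fails open on unhealthy zones. The zone names and `fake_resolver` are constructed stand-ins for DNS answers.

```python
import ipaddress
import socket
def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone: 192.0.2.99 -> 99.2.0.192.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.rstrip(".")

def system_resolver(name):
    """A records for name; [] if the name does not exist. Timeouts follow the OS resolver."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        if exc.errno in (socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)):
            return []
        raise  # temporary failure or timeout: caller treats the zone as unreachable
    return sorted({info[4][0] for info in infos})

def zone_health(zone, resolve=system_resolver):
    """Classify a zone with the RFC 5782 test entries before using it for filtering."""
    try:
        must_list = resolve(dnsbl_query_name("127.0.0.2", zone))
        must_not_list = resolve(dnsbl_query_name("127.0.0.1", zone))
    except OSError:
        return "unreachable"
    if must_not_list:
        return "lists-everything"  # wildcarded zone: would reject all mail
    return "ok" if must_list else "empty"

def listing_zones(ip, zones, resolve=system_resolver):
    """Zones that list ip; any zone that is not healthy is skipped (fail open)."""
    hits = []
    for zone in zones:
        if zone_health(zone, resolve) != "ok":
            continue
        try:
            answers = resolve(dnsbl_query_name(ip, zone))
        except OSError:
            continue  # zone stopped answering between the probe and the query
        if any(a.startswith("127.") for a in answers):
            hits.append(zone)
    return hits

# Constructed sample zones (not real services) standing in for DNS answers.
def fake_resolver(name):
    if name.endswith(".dead.dnsbl.example"):
        raise socket.timeout("no response")  # name servers gone
    good = {"2.0.0.127.good.dnsbl.example", "99.2.0.192.good.dnsbl.example"}
    listed = name.endswith(".wild.dnsbl.example") or name in good
    return ["127.0.0.2"] if listed else []
```

In a live mail path, cache the `zone_health` result per zone for a few minutes instead of probing on every connection.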