When i ssh’ed to the box the load was at 104, ouch. A quick tail -f /var/log/messages showed me the problem – i’m being DDoS’ed. My screen couldn’t handle all that output – ~500 connections /s, which makes it two-three times more log lines in the maillog ;(

So, what to do now?

Postfix has a great service called anvil. anvil tracks connectivity statistics like how much times did this IP connect to your SMTP server, how much mails did it send, how much recipients did it supply and how much TLS (SSL) sessions did it start. Also, you can limit theese params.

In example, setting smtpd_client_message_rate_limit to 10 limits the messages an server can send to you to 10 per minute ( time unit can be changed ).

So, i quickly set smtpd_client_connection_rate_limit to 50, this limits 50 connections per minute from one host. When a servers goes over this limit, postfix doesn’t accept the connection and makes a log entry about it. I.e.:

Jul 9 22:28:26 server postfix/smtpd[13310]: warning: Connection rate limit exceeded: 107 from unknown[88.245.165.205] for service smtp

After a few seconds i could already see this kind of entries in my log.

Now, that still makes my postfix do some work and although the load dropped drastically, it still had to do some work.

So, dropping the connections from those IP’s on the firewall is the best way ( better would be doing it on the core router ).

A quick one-liner does it well:

tail -f /var/log/maillog | perl -ne ‘if (/rate limit exceeded: \d+ from .*\[(.*)\] for service/) {system(sprintf(“your_firewall_add_block_cmd %s\n”,$1));}’

Hooray, a few minutes later load decreased to the usual one.

Overall it took ~10 minutes to stop the DDoS, although it was a small one.

In other words – postfix for the win!

I could say that i am more than average postfix user and know it quite well. I am managing quite big mail servers ( a few million mails per day, >= 100k mailboxes ) and give free support in #postfix @ freenode ( but i always like if i get something in return! ).

I liked the book – i did learn a few things from it, although i don’t know if their up to date, so i will have to check it out. Most useful chapters i found are:

• Chapter 19: A Company Mail Server
• Chapter 22: Performance Tuning

Overall, i did like the book and i will definitely offer it to my friends who want to start with postfix.

I really wish there would be some info on stuff like milters and delivery slots in this book, as i am not familiar with it yet and would really like to read more about it.

I give the book a 9 (because it missed the milters, delivery slots and etc.).

Great work Patrick && Ralf, and thanks Roman123 for sending me the book.

The Book of PF

Absolute FreeBSD

Thanks again Kyle!!!