For over two years I have been dealing with a massive DDOS dictionary style email attack from thousands of bots all over the world. Instead of blocking the entire Asia Pacific Supernet which is where most of the bots originate, Astaro handled the mass load pretty well as a mail proxy. That is until I upgraded to the 7.400 version. Ever since Astaro began to using Postgresql I have been forced to disable all reporting just to keep the server from overloading. But even with reporting disabled, the server still overloads during high peak times. On a normal rate, we get 30 to 40 emails per second, most of these emails are being blackholed, but the server does something it never did before, it hangs on to the smtp session with postgresql. I am not familiar with how exim interacts with the database when receiving email, but during a high peak mail attack there are thousands of processes seen when running "ps aux" that look like this:
postgres: postgres smtp 127.0.0.1(51177) INSERT
or this:
postgres: postgres smtp 127.0.0.1(51185) startup
After 5 seconds or so the processes end, but its not fast enough to keep up with the email coming in.
I am running 7.401 installed on a dual xeon server with 2 gig of ram. I only have the mail proxy configured and running, all other features have been disabled. I am using the exim.conf option "smtp_accept_max_per_host = 20" to keep the connections down, I thought it would help but these connections rarely reconnect from the same ip.
I know you are probably thinking fix the botnet problem, but the server was handling this mass attack without a problem, everything started choking when the database was updated to postgresql. I am almost determined to go back to the Mysql version and never update again. If anyone can think of a better way, please let me know.
This thread was automatically locked due to age.
