0

Port 25 is open and I'm getting thousands of emails. How can I make it stop?

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
evening
  • 461
  • 1
  • 6
  • 15
  • 1
    Use Some sort of Spam Filter or completely close the port if you don't need it – Cyberduck May 17 '21 at 15:09
  • 2
    Is the RCPT TO to a valid address? If not, your postfix server should close the SMTP connection immediately after the RCPT TO to the invalid address, instead of accepting the message. – mti2935 May 17 '21 at 18:20

2 Answers2

1

As you don't give much about your environment we must assume you want to mitigate the DDOS through Postfix itself. In that case there are some settings you can try.

  1. Limit the number of inbound and outbound delivery rates with default_process_limit
  2. Control how many messages get are delivered simultaneously to a local recipient with local_destination_concurrency_limit
  3. Limit the number of recipients the SMTP daemon will take per delivery with smtpd_recipient_limit
  4. You should also test if you have inadvertently set up an open relay.
  5. I would also do a tcpdump against port 25 for inbound traffic to see if you can mitigate any issues by tightening your firewall as the previous poster stated. It's been a while since I set up a Postfix server but these were some go to settings to prevent abuse.
slicehostjohn
  • 11
  • 1
0

If you can, try to :

  • Rate limit your router to prevent your server from being overwhelmed
  • Add filters to tell your router to drop packets from the obvious sources of the attack
  • Timeout half-open connections more aggressively
  • Drop spoofed or malformed packets
  • Set lower SYN, ICMP, and UDP flood drop thresholds
raDiaSmO
  • 309
  • 1
  • 5