Port 25 is open and I'm getting thousands of emails. How can I make it stop?
- Use some sort of spam filter or completely close the port if you don't need it – Cyberduck May 17 '21 at 15:09
- Is the RCPT TO to a valid address? If not, your postfix server should close the SMTP connection immediately after the RCPT TO to the invalid address, instead of accepting the message. – mti2935 May 17 '21 at 18:20
2 Answers
As you don't give much detail about your environment, we must assume you want to mitigate the DDoS through Postfix itself. In that case there are some settings you can try.
- Limit the number of inbound and outbound delivery rates with default_process_limit
- Control how many messages are delivered simultaneously to a local recipient with local_destination_concurrency_limit
- Limit the number of recipients the SMTP daemon will take per delivery with smtpd_recipient_limit
- You should also test if you have inadvertently set up an open relay.
- I would also do a tcpdump against port 25 for inbound traffic to see if you can mitigate any issues by tightening your firewall as the previous poster stated.

It's been a while since I set up a Postfix server but these were some go-to settings to prevent abuse.

slicehostjohn
If you can, try to:
- Rate limit your router to prevent your server from being overwhelmed
- Add filters to tell your router to drop packets from the obvious sources of the attack
- Time out half-open connections more aggressively
- Drop spoofed or malformed packets
- Set lower SYN, ICMP, and UDP flood drop thresholds

raDiaSmO
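
Both answers suggest tightening the firewall against the sources of the traffic, and the Postfix log is one place to find them. The following is an added example, not part of either answer: it summarizes smtpd log events per client IP and lists clients that connect repeatedly and mostly get their RCPT TO rejected. It assumes the usual Postfix smtpd syslog line format; the sample lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# One pattern per smtpd log event; group 1 is the client IP.
IP = r"\[([0-9A-Fa-f.:]+)\]"
PATTERNS = {
    "connect": re.compile(r"postfix/smtpd\[\d+\]: connect from \S+" + IP),
    "rejected": re.compile(r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+" + IP),
    # A queue ID is assigned once a recipient has been accepted.
    "queued": re.compile(r"postfix/smtpd\[\d+\]: [0-9A-Za-z]+: client=\S+" + IP),
}

def per_client_stats(log_text):
    """Return {client_ip: Counter(connect=..., rejected=..., queued=...)}."""
    stats = defaultdict(Counter)
    for line in log_text.splitlines():
        for event, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                stats[match.group(1)][event] += 1
                break
    return stats

def noisy_clients(log_text, min_connects=3, min_reject_ratio=0.5):
    """Clients with many connections whose RCPT attempts were mostly rejected."""
    flagged = []
    for ip, c in per_client_stats(log_text).items():
        attempts = c["rejected"] + c["queued"]
        if (c["connect"] >= min_connects and attempts
                and c["rejected"] / attempts >= min_reject_ratio):
            flagged.append((ip, c["connect"], c["rejected"], c["queued"]))
    return sorted(flagged, key=lambda row: row[1], reverse=True)

# Constructed sample log (documentation IP ranges, made-up queue IDs).
_REJ = ("NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 "
        "<nobody@example.org>: Recipient address rejected: User unknown in "
        "local recipient table; from=<x@example.net> to=<nobody@example.org> "
        "proto=ESMTP helo=<h.example.net>")
_EVENTS = [
    (2101, "connect from unknown[203.0.113.7]"), (2101, _REJ),
    (2102, "connect from unknown[203.0.113.7]"), (2102, _REJ),
    (2103, "connect from mail.example.net[198.51.100.20]"),
    (2103, "4F1A2B3C4D: client=mail.example.net[198.51.100.20]"),
    (2104, "connect from unknown[203.0.113.7]"),
    (2104, "5A6B7C8D9E: client=unknown[203.0.113.7]"),
]
SAMPLE_LOG = "\n".join(
    f"May 17 15:01:02 mx postfix/smtpd[{pid}]: {msg}" for pid, msg in _EVENTS)

if __name__ == "__main__":
    for row in noisy_clients(SAMPLE_LOG):
        print("ip=%s connects=%d rejected=%d queued=%d" % row)
```

On a real server, pass the contents of the mail log instead of `SAMPLE_LOG` and tune the thresholds to normal traffic before turning the result into firewall rules.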