Exim load extremely high due to botnet spam

vandal

My server is getting nailed by a botnet trying to forge an IP address. No spam is being sent out, but the massive amount of connections is causing the load to skyrocket. The connections are coming from hundreds of different IPs. Does anyone know what I can do to block this?

Thank you
 
First install APF firewall and configure it correctly - www.rfxnetworks.com
Next, install DDos-Deflate and configure it correctly - http://deflate.medialayer.com/


It'll begin banning the IPs through APF/IPTables, which will in turn lower your load pretty well. However, uninstall it once all of the IPs have been banned, as I have found that the script does not work correctly with proftpd. It seems to think that every single file downloaded from proftpd is another connection, and will begin banning IPs that download a lot of files through FTP. But this should be a good fix for you for now to take care of the botnet problem.
 
Thanks, I have APF installed already but not configured with exim (just sshd). I will check it out now.
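
The proftpd false positive described in the reply above comes from counting every connection per source IP regardless of service. The following is an added example, not part of the thread and not DDoS-Deflate's own code: it counts connections per remote IP on the SMTP port only, so FTP transfers are not counted. The function names, the limit of 2, and the sample `netstat -ntu` output (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the column layout of `netstat -ntu`.
# 192.0.2.10 stands in for the mail server; all addresses are documentation ranges.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:25           198.51.100.7:40112      ESTABLISHED
tcp        0      0 192.0.2.10:25           198.51.100.7:40113      ESTABLISHED
tcp        0      0 192.0.2.10:25           198.51.100.7:40114      SYN_RECV
tcp        0      0 192.0.2.10:25           203.0.113.9:51000       ESTABLISHED
tcp        0      0 192.0.2.10:21           203.0.113.50:33001      ESTABLISHED
tcp        0      0 192.0.2.10:20           203.0.113.50:33002      TIME_WAIT
tcp        0      0 192.0.2.10:20           203.0.113.50:33003      TIME_WAIT
tcp        0      0 192.0.2.10:20           203.0.113.50:33004      TIME_WAIT
tcp        0      0 192.0.2.10:50211        203.0.113.50:33005      ESTABLISHED
EOF
}

# over_limit PORT LIMIT
# Reads netstat lines on stdin and prints "count ip" (highest first) for every
# remote IP with more than LIMIT connections to local PORT.
# PORT may be "any" to count across all services, which is the behaviour
# that penalises a busy FTP client.
over_limit() {
    awk -v port="$1" -v limit="$2" '
        $1 ~ /^tcp/ {
            lport = $4; sub(/.*:/, "", lport)        # local port = text after last colon
            if (port != "any" && lport != port) next
            ip = $5; sub(/:[0-9]+$/, "", ip)         # drop the remote port, keep the address
            cnt[ip]++
        }
        END { for (ip in cnt) if (cnt[ip] > limit) print cnt[ip], ip }
    ' | sort -rn
}

# Counting everything flags the FTP client (5 connections) first;
# counting port 25 only leaves just the host hammering Exim.
echo "all ports:";  sample_netstat | over_limit any 2
echo "port 25 only:"; sample_netstat | over_limit 25 2
```

On a live server the input would come from `netstat -ntu` instead of the sample function, and the output is a candidate list to review before handing addresses to the firewall.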
 