posts /

Broken Software distributed in Botnets

Posted Sat 01 Sep 2007 02:13:32 PM CEST in

Lately there is a lot of discussion about Spam armys sucking up SMTP connections on mailexchangers by violating the SMTP protocol. Postfix talks about connection lost in "CONNECT" phase. Just as a hint on how bad the situation is - On a system of mine i typically get ~2200 Mails/Minute with ~300 connections. When the Botnet started misbehaving the amount of mail went down to ~400/Minute which was due to the SMTPd count limit reached. I now decreased the smtp_timeout from 300 to 60 which brought the original performance back.

Its interesting to see Botnets having the same QA problems as Microsoft with its WGA servers. Coincident ?