Sendmail Limiting Denial of Service (DOS) Attack

Q. I would like to know configuration directives that will limit Sendmail Denial of Service attack.

A. Sendmail is a mail transfer agent (MTA) i.e. that transfers electronic mail messages from one computer to another. It is possible that attacker can flood the mail server with DOS (it is an attack in which no access to the system(s) is gained, but rather a loss of service is incurred i.e. your mail server will die) attack.

To avoid DOS against Sendmail server it comes with directives that can be configured via macro file.

Sendmail used in various UNIX and Linux environments.

From Sendmail:

All descriptions are structured in the following way
M4 Variable Name/ Configuration/ Description & [Default]/Recommendation:

[100] Minimum number of free blocks on queue filesystem to accept SMTP
mail. (Prior to 8.7, this was minfree/maxsize, where minfree was the
number of free blocks and maxsize was the maximum message size. In
current versions of sendmail, use confMAX_MESSAGE_SIZE for the second
Recommended: 4000 or larger.

[infinite] The maximum size of messages that will be accepted (in
Recommended: 4MB (?)

[False] Automatically rebuild alias file if needed. There is a potential
for a denial of service attack if this is set.
Set to False.

[varies] Load average at which queue-only function kicks in. Default
value is (8 * numproc), where numproc is the number of processors online
(if that can be determined).
Set to 10 (depending on CPU power).

[varies] Load average at which incoming SMTP connections are refused.
Default value is (12 * numproc), where numproc is the number of
processors online (if that can be determined).
Set to 8 (depending on CPU power).

[undefined] The maximum number of children the daemon will permit. After
this number, connections will be rejected. If not set or confMAX_HEADERS_LENGTH
[undefined] Maximum length of the sum of all headers.
Set to 32 or 64K

[undefined] Maximum length of certain MIME header field values.
Set to 1024 or less.

[infinite] If set, allows no more than the specified number of
recipients in an SMTP envelope. Further recipients receive a 452 error
code (i.e., they are deferred to the next delivery attempt).
Site policy: 10 – 100.

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 0 comments... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
0 comments… add one

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum