Sendmail Abuse: How to exit gracefully

Spammers sometimes use up all of my memory

StupidScript

12:52 am on Mar 8, 2006 (gmt 0)


About once every two months or so, so much spam comes in all at once that it eats up all of my memory. There are two potential results:

1) Sendmail starts rejecting connections on the daemon MTA and/or
2) my RH7.2 server starts killing other processes to make room

I don't mind situation (1), as it resolves itself after dealing with the spam, but (2) is a real problem because the processes that die include (in usually something like this order) spamassassin, procmail, httpd, mysqld, sshd and others.

Since I have various ways of accessing the server I can get everything started back up again with some effort and frantic typing, but I'm wondering if there is a way to tell sendmail to just kill itself when it goes beyond rejecting connections due to an excessive load instead of killing the box, and then do a sendmail restart after a couple of minutes or something.

I appreciate any advice.

lammert

1:11 am on Mar 9, 2006 (gmt 0)


You can set options at the command line with the -O flag (see man sendmail for how to do this). One option you could try is MaxDaemonChildren=N, which will limit the number of concurrent children the daemon will spawn. Another option is to throttle incoming connections with ConnectionRateThrottle=N, which limits the maximum number of connections per second.
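Added example, not part of the thread or of sendmail itself: a small shell helper that turns a memory budget into values for the two options named above, so that a burst is refused by sendmail before the kernel starts killing other processes. The function name `sendmail_limits` and every figure (RAM, reserve, per-child footprint, child lifetime) are assumptions chosen for illustration; measure your own with ps or top.

```shell
#!/bin/sh
# Added example (hypothetical helper, constructed figures).
#
# sendmail_limits TOTAL_MB RESERVED_MB PER_CHILD_MB CHILD_SECS
#   TOTAL_MB      memory (RAM plus whatever swap you tolerate) on the box
#   RESERVED_MB   kept free for httpd, mysqld, sshd and the kernel
#   PER_CHILD_MB  worst-case footprint of one inbound message; assumed to
#                 cover the sendmail child plus the procmail and
#                 spamassassin processes it triggers
#   CHILD_SECS    typical lifetime of one child under load, in seconds
# Prints the -O flags on stdout; returns 1 if the budget cannot fit one child.
sendmail_limits() {
    total=$1 reserved=$2 per_child=$3 child_secs=$4

    if [ "$per_child" -le 0 ] || [ "$child_secs" -le 0 ]; then
        echo "error: per-child size and lifetime must be positive" >&2
        return 1
    fi

    budget=$((total - reserved))
    children=$((budget / per_child))
    if [ "$budget" -le 0 ] || [ "$children" -lt 1 ]; then
        echo "error: no memory left for even one sendmail child" >&2
        return 1
    fi

    # Steady state: (connections per second) * (child lifetime) must not
    # exceed the child cap, or the cap is hit and connections are refused
    # anyway. Integer division rounds down, which errs on the safe side.
    rate=$((children / child_secs))
    [ "$rate" -ge 1 ] || rate=1

    echo "-O MaxDaemonChildren=$children -O ConnectionRateThrottle=$rate"
}

# Constructed sample: 512 MB box, 256 MB reserved, 12 MB per message,
# children live about 4 seconds.
sendmail_limits 512 256 12 4
# The printed flags would be appended to the daemon's command line, e.g.
#   /usr/sbin/sendmail -bd -q15m <flags printed above>
```

Lower `PER_CHILD_MB` only after measuring it during a real burst; an optimistic figure recreates the original problem.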

webdoctor

6:45 pm on Mar 9, 2006 (gmt 0)


my RH7.2 server

Since Redhat v7.2 shipped over five years ago, isn't it a little out of date by now? Have you considered updating to a more recent version/distribution? More recent kernels have much better memory management, among other things.

IMHO Sendmail is perhaps not the best MTA to use. There are many others - Exim and Postfix spring to mind. IMHO either of these would handle the load better.

StupidScript

9:28 pm on Mar 9, 2006 (gmt 0)


lammert, thanks for the syntax. I found this interesting thread [mailarchive.ca] in the main sendmail newsgroup that has now got me spinning off to locate the best solution. I appreciate the help.

webdoctor ... you're right ... what can I say? I suppose I should take the time to upgrade the kernel, at least. On this box, though, I'll leave sendmail as the MTA, for now. Thanks.

lammert

2:02 am on Mar 10, 2006 (gmt 0)


That is indeed an interesting article. Finding the right balance of the settings to keep your server from killing processes while at the same time accepting as many SMTP clients as possible is now the challenge.

StupidScript

2:53 am on Mar 10, 2006 (gmt 0)


Yeah, I agree.

Currently my system starts refusing connections at a load of 12-15 requests per second (dep. on memory available), but that only works for about 20 (dep. on how long the bulk of the 'attack' lasts) seconds before processes start dying.

I'm going to test j-chkmail (see the link in Jose Marcio's sig) and see if it's appropriate for a 'normal' production mail server. If this thread's still alive, I'll post results.

Fortunately, most of these spam DoS attacks aren't that huge (500 or so requests), so it doesn't trip the switch that often. (Spammers seem to be getting smaaaaaht ... not enough to trip most switches, but plenty irritating.)