[Mimedefang] Spammers who won't take no for an answer
Jonas Eckerman
jonas_lists at frukt.org
Fri Oct 24 09:10:29 EDT 2003
On Thu, 23 Oct 2003 09:22:21 -0400 (EDT), David F. Skoll wrote:
Thoughts off the top of my head following (meaning, I haven't applied
all the necessary critical processing to them):
> if a given host retries a rejected message with the same SHA1 hash
> more than n times, where n is around 3-5, we could firewall off
> that host for a few hours or days.
Only problem I see with this is that the spammer might start
pestering secondary MX servers instead.
For some people, that won't be a problem at all, but lots of people
simply rely on friends being nice and providing backup servers. As
this habit has the potential to create severe loads on servers, it'd
be kind of rude to hand the problem over to those friends.
It could also be a problem when you use a slow cheap machine as mail
backup.
Another thought:
Instead of firewalling, what about routing (through a NAT or
something?) to another machine with a rather stupid mail server
acting like this:
* listen
< connect
* sleep 30 seconds
> host.domain SMTP bla bla server; date
< helo stupid.spammer.host
* sleep 30 seconds
> 554 I'm as stupid as you are.
* disconnect
This server would of course use a small SMTP daemon that actually
can't do anything but reject, so it shouldn't need much CPU or memory.
I guess that if lots of spammers start behaving like this, the "sleep
30 seconds" would have to be removed though.
If they actually send all the data before receiving the replies
(like when using CONNECT or POST through HTTP proxies), we'd also
have to remove the sleep.
This has other problems of course. It will put a higher demand on the
machine doing the routing for example, and it will have to
somehow communicate with it in case the routing is done by a separate
machine (which I guess it is in most setups, using another machine as
firewall/router/NAT). But it won't affect secondary mail servers more
than all spam based rejecting does.
Of course, just adding the hosts to sendmail's access database is
probably still the easiest way to handle this, and as long as the
amount of traffic of this kind isn't too big it'd work just fine.
Regards
/Jonas
--
Jonas Eckerman, jonas_lists at frukt.org
http://www.fsdb.org/
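
A sketch of the reject-only daemon described in the message above, added here as an example; it is not code from the original post or from MIMEDefang. The use of Python asyncio, port 2525, the 220 banner code, the 300 second HELO wait and the `probe` test client are assumptions; rather than removing the sleeps outright, a client that sends before the banner (the "sends all the data before receiving the replies" case) simply skips them.

```python
import asyncio

BANNER = b"220 host.domain SMTP reject-only server\r\n"  # placeholder host name
REJECT = b"554 I'm as stupid as you are.\r\n"

async def read_or_timeout(reader, seconds):
    """Return one line from the client, or None if it stays quiet for `seconds`."""
    try:
        return await asyncio.wait_for(reader.readline(), seconds)
    except asyncio.TimeoutError:
        return None

async def handle(reader, writer, delay):
    try:
        early = await read_or_timeout(reader, delay)  # the pre-banner "sleep"
        writer.write(BANNER)
        if early is None:  # client waited for the banner: stall once more
            if await read_or_timeout(reader, 300):  # HELO, or anything else
                await asyncio.sleep(delay)
        writer.write(REJECT)  # an early talker gets here without the second sleep
        await writer.drain()
    except ConnectionError:
        pass
    finally:
        writer.close()  # reject-only: no command is ever accepted

async def serve(host="127.0.0.1", port=2525, delay=30.0):
    return await asyncio.start_server(lambda r, w: handle(r, w, delay), host, port)

async def probe(early_talker, delay=0.5):
    """Constructed test client; returns (banner, reply, closed, seconds)."""
    server = await serve(port=0, delay=delay)
    port = server.sockets[0].getsockname()[1]
    reader, writer = await asyncio.open_connection("127.0.0.1", port)
    start = asyncio.get_running_loop().time()
    if early_talker:  # speaks before the banner, as a proxy-relayed sender would
        writer.write(b"HELO stupid.spammer.host\r\n")
    banner = await reader.readline()
    if not early_talker:
        writer.write(b"HELO stupid.spammer.host\r\n")
    reply = await reader.readline()
    closed = (await reader.read()) == b""
    elapsed = asyncio.get_running_loop().time() - start
    writer.close()
    server.close()
    return banner, reply, closed, elapsed

if __name__ == "__main__":
    print(asyncio.run(probe(False)), asyncio.run(probe(True)))
```

Each stalled connection costs the daemon one idle coroutine and one socket, which is where the low CPU and memory demand comes from.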