[Mimedefang] Feature request: Tar pitting.
Ben Kamen
bkamen at benjammin.net
Tue Apr 20 09:01:25 EDT 2004
Dave's right...
To mention again - I wrote a TCL script that watches for "RCPT TO"
flooding which IS a settable thing in sendmail - as soon as the log
message "Possible RCPT TO flooding, throttling" (or whatever it is)
comes through the log, the script doesn't tar pit them, it blackhole's
them.. for a day (or however long you might feel like)...
To that user abusing your system you disappear from the internet. ;)
-Ben
David F. Skoll wrote:
> On Mon, 19 Apr 2004, Jeffrey Goldberg wrote:
>
>
>>As a public service, I would like to tar pit connections delivering
>>various worms or spam.
>
>
> This feature will never make it into MIMEDefang. Tarpitting needs to
> be done at the Sendmail level, or (more appropriately) at the kernel
> level.
>
> By the time you've invoked a Perl milter, you've lost. The spammer is
> sitting with special ratware that can run tens of thousands of
> concurrent SMTP threads, and you're using a 20-MB Perl process to try to
> slow down *one* of his threads.
>
> Tarpitting is basically useless if you intend to slow down a spammer.
> Tarpitting is possibly useful if you have a very large site and want to slow
> the rate of spam coming into your site until you can update filters.
>
> Regards,
>
> David.
> _______________________________________________
> Visit http://www.mimedefang.org and http://www.canit.ca
> MIMEDefang mailing list
> MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
More information about the MIMEDefang
mailing list