[Mimedefang] Bad RCPT Throttle in the Real World

Chris Myers chris at by-design.net
Thu Aug 5 17:46:26 EDT 2004


----- Original Message ----- 
From: "Kevin A. McGrail" <kmcgrail at pccc.com>
To: <mimedefang at lists.roaringpenguin.com>
Sent: Thursday, August 05, 2004 4:18 PM
Subject: Re: [Mimedefang] Bad RCPT Throttle in the Real World


> I was thinking my implementation would be more akin to greylisting since it
> would only tempfail for a 5 minute period.  I wholeheartedly agree that
> changing routes to completely block the IP are not a good idea though.
>
> > I think it's too large a block to be feasible, for the reasons you
> > mention.  There are many ways in which you can cause collateral damage.

You might instead look at the latest mods David is putting into MIMEDefang.
With the latest sendmail and MIMEDefang, you can do things like tell
MIMEDefang "wait 15 seconds before replying".  The latest sendmails also
have settings that let you delay certain responses like the initial SMTP
banner.

Set it up so that someone who goes over the thresholds gets a 30-second wait
for EVERY response.  That will just kill any ratware.  It won't stop an open
relay, but it would slow one down a lot.  DO NOT exceed 30 seconds; there
are some system admins out there that think that the RFC timeouts are waaay
too long and don't apply to them, and will drop a legitimate SMTP connection
with longer timeouts.

Speaking of ratware, I noticed in a posting elsewhere that Abuse.Net has
pointed out that really long SMTP banners literally cause some ratware to
fall over dead.  As an example, see the output of "telnet smtp.abuse.net
smtp".

Chris Myers
Networks By Design
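
The throttle discussed in this message, modelled as an added example (not part of the original post and not MIMEDefang or sendmail code): a per-IP bad-RCPT counter that puts a relay into a penalty period and returns the delay to apply to each response, never more than the 30 seconds the post gives as the ceiling. The class name, the threshold of 5 and the 300-second window and penalty are assumptions; wiring the returned delay into a mail filter is not shown.

```python
import time
from collections import defaultdict, deque

MAX_DELAY = 30       # seconds; the ceiling the post says not to exceed
BAD_RCPT_LIMIT = 5   # assumed: bad recipients tolerated per window
WINDOW = 300         # assumed: counting window in seconds
PENALTY = 300        # assumed: penalty period in seconds


class BadRcptThrottle:
    """Track unknown-recipient attempts per relay IP and decide the delay."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.bad = defaultdict(deque)   # ip -> timestamps of recent bad RCPTs
        self.penalised_until = {}       # ip -> time at which the penalty ends

    def record_bad_rcpt(self, ip):
        """Call when a RCPT TO names a recipient that does not exist."""
        now = self.clock()
        q = self.bad[ip]
        q.append(now)
        while now - q[0] > WINDOW:      # drop attempts older than the window
            q.popleft()
        if len(q) > BAD_RCPT_LIMIT:
            self.penalised_until[ip] = now + PENALTY

    def delay_for(self, ip, requested=MAX_DELAY):
        """Seconds to wait before answering this IP; 0 if it is not penalised."""
        until = self.penalised_until.get(ip)
        if until is None:
            return 0
        if self.clock() >= until:       # penalty expired: forget the relay
            del self.penalised_until[ip]
            self.bad.pop(ip, None)
            return 0
        # Clamp whatever the operator configured to the 30-second ceiling.
        return max(0, min(int(requested), MAX_DELAY))


if __name__ == "__main__":
    t = [0.0]                           # constructed clock for the demo
    throttle = BadRcptThrottle(clock=lambda: t[0])
    for _ in range(6):                  # constructed input: six bad RCPTs
        throttle.record_bad_rcpt("192.0.2.10")
    print(throttle.delay_for("192.0.2.10", requested=120))
    t[0] = 301.0
    print(throttle.delay_for("192.0.2.10"))
```
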



