[Mimedefang] Blocking spam senders using IPTables?

Paul Murphy pmurphy at ionixpharma.com
Tue Nov 2 10:51:54 EST 2004


> You run the risk of starting a DoS attach against your own box.
> The RFC's state that senders should keep trying for ~5 days
> Quote "
> : Chances are that you would get more DoS by new connections constantly
> : coming in, than by 5xx responses causing at least protocol-compliant
> : senders to give up."
> Search for tcp wrappers in comp.mail.sendmail for details

The problem is that we're not dealing here with protocol-compliant senders.
We're dealing with spammers who either ignore the 5xx response and keep trying,
or who have a seemingly endless supply of garbage to send, all of which gets the
5xx response after I've incurred considerable processing time working out that
it was spam.

TCPWrappers would normally help, but it is too late in the process (they've
already connected to the SMTP server), and too lacking in future possibilities
such as delayed responses and tarpitting.  In many cases, the spammer will
happily still send their data down the pipe, even though every request gets a
5xx response immediately.  You can't expect them to play nicely. 

Best Wishes,

Paul Murphy
Head of Informatics
Ionix Pharmaceuticals Ltd
418 Science Park, Cambridge, CB4 0PA

Tel. 01223 433741
Fax. 01223 433788

This email and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to which they
are addressed.  If you have received this email in error please contact
the sender or the Ionix IT Helpdesk on +44 (0) 1223 433741

More information about the MIMEDefang mailing list