[Mimedefang] VERY Newbie Question
Ian Mitchell
junk at aftermagic.com
Fri Oct 29 08:53:34 EDT 2004
> Ok, for something like this, a sample function on the FAQ site that
> filters HELO line
>
> How do I integrate this into the filter file ?
I'm not sure that I would. Sendmail has the capability to limit
connections based on where the IP's come from (outside of the HELO which
can be spoofed). You can limit based on relaying (access_db) or you can
actually limit based on connections (tcp_wrappers). There is actually many
different ways that this can be accomplished without the need for using
expensive resources by having mimedefang catch it. Think of it this way,
if you have your mimedefang process scanning for it, then the child
processes for your mimedefang/spamassassin/virus scanner could potentially
all be called for a connection your just going to drop anyways (depend on
how you put together your filter) when sendmail could easily make a call
to tcpd and determine it's not legitimate and kill right away. Not a
problem with only a few connections, but what happens if you get hit by a
spam bot that is attempting hundreds or thousands or more connections
close together from all different ip's?
More information about the MIMEDefang
mailing list