[Mimedefang] MX -> 127.0.0.1
Kenneth Porter
shiva at sewingwitch.com
Tue Sep 13 08:07:05 EDT 2005
--On Tuesday, September 13, 2005 1:29 PM +0200 Steffen Kaiser
<skmimedefang at smail.inf.fh-bonn-rhein-sieg.de> wrote:
> Well, the same effort in to detect "bad" MX hosts can be performed by
> ratware, hence, this technique can last for a short while only, perhaps the
> usefulness is gone by now.

The 2nd best solution is to use "black hole space" for the last MX, IP
space guaranteed to not have a host. This ensures that the spammer has to
time out the connection. But it means that the timeout is only as long as
the stock TCP SYN timeout.

An even better solution is to point to a host that tarpits port 25
connections. Such a host accepts the connection, but then turns the TCP
feed into a trickle, effectively forcing the spammer to tie up the
connection forever. (You can install a netfilter module on Linux called
"TARPIT" for this purpose.)
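
Added example, not part of the original message: a user-space sketch of the tarpit behaviour described above, in which the host accepts the connection and then trickles an SMTP greeting that never completes. It is not the netfilter TARPIT module, which does its work in the kernel at the TCP level; the banner text, function names, loopback address and timings are assumptions chosen so the demo runs offline.

```python
import socket
import threading
import time

# Constructed banner: the "220-" prefix marks a continued SMTP reply that never ends.
BANNER = b"220-please wait\r\n"

def _drip(conn, delay, stop):
    """Send BANNER one byte every `delay` seconds until the peer leaves."""
    with conn:
        i = 0
        while not stop.is_set():
            try:
                conn.sendall(BANNER[i % len(BANNER):][:1])
            except OSError:
                return  # the client gave up
            i += 1
            stop.wait(delay)

def serve_tarpit(listener, delay, stop):
    """Accept every connection and hand it to its own dripping thread."""
    listener.settimeout(0.2)  # wake up regularly to notice `stop`
    while not stop.is_set():
        try:
            conn, _ = listener.accept()
        except socket.timeout:
            continue
        threading.Thread(target=_drip, args=(conn, delay, stop), daemon=True).start()

def measure_client(port, want, timeout=5.0):
    """Connect as a sender would; return (bytes received, seconds the socket was held)."""
    start, got = time.monotonic(), b""
    with socket.create_connection(("127.0.0.1", port), timeout=timeout) as s:
        while len(got) < want and (chunk := s.recv(64)):
            got += chunk
    return got, time.monotonic() - start

def demo(delay=0.05, want=10):
    """Run tarpit and client on loopback (ephemeral port); report what the client saw."""
    stop = threading.Event()
    with socket.create_server(("127.0.0.1", 0)) as listener:
        server = threading.Thread(target=serve_tarpit, args=(listener, delay, stop))
        server.start()
        try:
            return measure_client(listener.getsockname()[1], want)
        finally:
            stop.set()
            server.join()
```

With a delay of several seconds per byte instead of 0.05, a client that waits for the end of the greeting stays connected for as long as its own timeout allows, rather than for the length of a TCP SYN timeout.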