[Mimedefang] MX -> 127.0.0.1
Steffen Kaiser
skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Tue Sep 13 08:29:10 EDT 2005
On Tue, 13 Sep 2005, Kenneth Porter wrote:
> --On Tuesday, September 13, 2005 1:29 PM +0200 Steffen Kaiser
> <skmimedefang at smail.inf.fh-bonn-rhein-sieg.de> wrote:
>
>> Well, the same effort to detect "bad" MX hosts can be performed by
>> ratware, hence, this technique can last for a short while only, perhaps the
>> usefulness is gone by now.
>
> The 2nd best solution is to use "black hole space" for the last MX, IP space
> guaranteed to not have a host. This ensures that the spammer has to time out
> the connection. But it means that the timeout is only as long as the stock
> TCP SYN timeout.
Good point.
> An even better solution is to point to a host that tarpits port 25
> connections. Such a host accepts the connection, but then turns the TCP feed
> into a trickle, effectively forcing the spammer to tie up the connection
> forever. (You can install a netfilter module on Linux called "TARPIT" for
> this purpose.)
You still have to ensure that any of the "good" MX hosts must be online
all the time. Or at least ignore / tempfail connections when all the
other hosts are down.
Bye,
--
Steffen Kaiser
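
The safeguard raised in the reply above, sketched as an added example that is not part of the original message or of MIMEDefang: before the trap MX tarpits port 25, check that at least one real MX still answers, and fall back to tempfailing otherwise. The host names, the `trap_mx_action` and `smtp_alive` helpers, and the "tarpit"/"tempfail" labels are assumptions made for illustration.

```python
import socket


def smtp_alive(host, port=25, timeout=5.0):
    """Return True if host accepts a TCP connection and greets with SMTP 220."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            banner = conn.recv(512)
    except OSError:
        # Refused, unreachable, DNS failure or timeout: treat as down.
        return False
    return banner.startswith(b"220")


def trap_mx_action(mx_records, trap_host, probe=smtp_alive):
    """Decide how the trap (last) MX should treat port 25 connections.

    mx_records: list of (preference, hostname) tuples, trap included.
    Returns (action, reachable_real_hosts), where action is "tarpit" when
    some real MX is reachable and "tempfail" when none is, so legitimate
    senders get a 4xx reply and retry instead of being held in the tarpit.
    """
    real = [host for _, host in sorted(mx_records) if host != trap_host]
    if not real:
        raise ValueError("MX set contains no real host besides the trap")
    reachable = [host for host in real if probe(host)]
    return ("tarpit" if reachable else "tempfail", reachable)


if __name__ == "__main__":
    # Constructed MX set and a constructed probe result (no network needed).
    records = [(10, "mx1.example.org"), (20, "mx2.example.org"),
               (90, "trap.example.org")]
    down = {"mx1.example.org"}
    print(trap_mx_action(records, "trap.example.org",
                         probe=lambda host: host not in down))
```

Run from a scheduler on the trap host with the default `probe`, the returned action can drive whatever mechanism enables or disables the tarpit rule.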