[Mimedefang] MX -> 127.0.0.1

Les Mikesell les at futuresource.com
Tue Sep 13 08:31:59 EDT 2005


On Tue, 2005-09-13 at 07:07, Kenneth Porter wrote:

> > Well, the same effort in to detect "bad" MX hosts can be performed by
> > ratware, hence, this technique can last for a short while only, perhaps the
> > usefulness is gone by now.
> 
> The 2nd best solution is to use "black hole space" for the last MX, IP 
> space guaranteed to not have a host. This ensures that the spammer has to 
> time out the connection. But it means that the timeout is only as long as 
> the stock TCP SYN timeout.
> 
> An even better solution is to point to a host that tarpits port 25 
> connections. Such a host accepts the connection, but then turns the TCP 
> feed into a trickle, effectively forcing the spammer to tie up the 
> connection forever. (You can install a netfilter module on Linux called 
> "TARPIT" for this purpose.)

Those are slightly more reasonable.  It is bound to happen that some
machines attempting to send to you will have cached the DNS lookups
but temporarily lose their internet connectivity even if your
MX hosts are always up and available.  They'll still find
127.0.0.1.  Still, I doubt if it is worth the trouble.  Serious
spammers won't run out of resources.

--
  Les Mikesell
     les at futuresource.com
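
The tarpit idea from the quoted message above, as a user-space sketch added here; it is not code from the thread and not the netfilter "TARPIT" module. The function name `start_tarpit`, the greeting text, port 2525 and the connection cap are assumptions for illustration.

```python
import asyncio

# "220-" is a continuation line of a multi-line SMTP reply: the client must
# keep reading until a final "220 " line, which this listener never sends.
LINE = b"220-please hold\r\n"

async def start_tarpit(host, port, delay=10.0, max_seconds=3600.0, max_conns=512):
    """Listen on host:port and trickle the SMTP greeting one byte per `delay` s."""
    active = 0

    async def on_connect(reader, writer):
        nonlocal active
        if active >= max_conns:          # cap our own cost: refuse, don't queue
            writer.close()
            return
        active += 1
        loop = asyncio.get_running_loop()
        deadline = loop.time() + max_seconds
        i = 0
        try:
            while loop.time() < deadline:
                pos = i % len(LINE)
                writer.write(LINE[pos:pos + 1])
                await writer.drain()     # raises once the peer has gone away
                i += 1
                await asyncio.sleep(delay)
        except (ConnectionError, OSError):
            pass                         # sender gave up first
        finally:
            active -= 1
            writer.close()

    return await asyncio.start_server(on_connect, host, port)

async def main():
    # Port 2525 on loopback is an assumption for unprivileged testing;
    # a lowest-priority MX target would listen on port 25.
    server = await start_tarpit("127.0.0.1", 2525)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

Each held connection also costs the tarpit host a socket, which is why the sketch bounds both the hold time and the number of concurrent connections.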




