[Mimedefang] Image blocking idea
John Rudd
john at rudd.cc
Thu Apr 20 12:35:48 EDT 2006
On Apr 20, 2006, at 7:58 AM, David F. Skoll wrote:
> Kenneth Porter wrote:
>
>> I'm beginning to favor the idea of challenge/response systems, but only
>> for "rich" content (i.e. anything not pure text/plain).
>
> Intriguing... I normally hate C/R systems, but that might be a good idea.
> Anything to make it more of a hassle to send non-plain-text e-mail is
> a good idea, IMO.
>

The thought I was having earlier was that while greylisting seems to be
losing its luster, and other mechanisms are having to keep fighting to
keep up, the thing that has consistently worked well for me is
greet-pause (often filtering out 50% of my attempted spam connections
per day, and I have had fewer than 5 false positives in the 2-3 years
I've been using it).

The reason for that is exactly the opposite of your earlier assertion:
spammers do _NOT_ have unlimited resources. Greet-pause slows down
their ability to submit spam to targets, and lowers their overall
throughput, by making them waste resources they have in limited supply
(time). If time is money, then the greet-pause is a tax. A tax they
aren't willing to spend.

The downside: they only have to wait once per connection, not per
message nor per recipient.

My thought: why not put something like an N second delay in
filter_sender (maybe 4 or 5 seconds?) and 1 second delay in
filter_recipient. You could even make it conditional to only do these
delays if the relay is outside of your domain. The result will be that
this "tax" gets paid when a sender wants to send multiple messages per
connection and/or messages with many senders. More messages, the
longer the delay. More recipients, the longer the delay.

I need to think more about it to know what the right delay values are,
though. It needs to be a value which stacks up if you're doing a lot
of these, but that won't be too much of a problem for legitimate senders
nor roaming users (so you probably also want to exempt those who have
successfully AUTHed). You also don't want to pick values that are
likely to exceed things like sendmail default timeouts.
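
The per-message and per-recipient delay proposed in the message above, sketched as mimedefang-filter callbacks. This is an added example, not code from the post or from the MIMEDefang project: the delay values, the @LOCAL_NETS placeholder networks and the helper names ip_in_net and tarpit_seconds are assumptions, and it assumes mimedefang is started with -s and -t and that sendmail passes {auth_authen} to the milter.

```perl
use strict;
use warnings;
use Socket qw(inet_aton);

our %SendmailMacros;            # filled in by MIMEDefang for each callback

my $SENDER_DELAY    = 4;        # seconds per MAIL FROM (assumed value)
my $RECIPIENT_DELAY = 1;        # seconds per RCPT TO (assumed value)
my @LOCAL_NETS = (              # placeholder networks; replace with your own
    [ '127.0.0.0', 8 ],
    [ '192.0.2.0', 24 ],
);

# True if dotted-quad $ip lies inside $net/$bits. Anything that is not a
# plain IPv4 address is treated as external.
sub ip_in_net {
    my ($ip, $net, $bits) = @_;
    return 0 unless defined $ip && $ip =~ /^\d{1,3}(?:\.\d{1,3}){3}$/;
    my $packed = inet_aton($ip) or return 0;
    my $addr = unpack('N', $packed);
    my $base = unpack('N', inet_aton($net));
    my $mask = $bits == 0 ? 0 : (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
    return (($addr & $mask) == ($base & $mask)) ? 1 : 0;
}

# Delay owed by this relay: nothing for authenticated or local senders,
# the full "tax" for everyone else.
sub tarpit_seconds {
    my ($ip, $delay) = @_;
    my $auth = $SendmailMacros{auth_authen};
    return 0 if defined $auth && length $auth;      # successful SMTP AUTH
    for my $n (@LOCAL_NETS) {
        return 0 if ip_in_net($ip, $n->[0], $n->[1]);
    }
    return $delay;
}

sub filter_sender {
    my ($sender, $ip, $hostname, $helo) = @_;
    sleep(tarpit_seconds($ip, $SENDER_DELAY));      # paid once per message
    return ('CONTINUE', "ok");
}

sub filter_recipient {
    my ($recipient, $sender, $ip, $hostname, $first, $helo) = @_;
    sleep(tarpit_seconds($ip, $RECIPIENT_DELAY));   # paid once per recipient
    return ('CONTINUE', "ok");
}
```

Each sleeping callback keeps one MIMEDefang worker process busy for the length of the delay, so the worker pool has to be sized for the extra hold time, and each individual delay has to stay below the milter timeouts configured in sendmail.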