[Mimedefang] Image blocking idea
John Rudd
john at rudd.cc
Thu Apr 20 16:13:00 EDT 2006
On Apr 20, 2006, at 9:49, David F. Skoll wrote:
> The ones who use "legitimate" mail relays will get past greylisting
> and greet_pause. The more sophisticated ones *DO* have essentially
> unlimited resources. So, some recipients throttle one of my zombie
> computers
> to sending an e-mail every 5 seconds. No problem; just add 1,000 more
> zombies
> and I can send an e-mail every 5 milliseconds.
Except that the more they flex their zombies, the more attention it
draws to the zombie's real owner that something is wrong with their
computer and needs to be fixed. They don't have an unlimited number of
zombies, and the individual zombies themselves have finite capacity (of
which the spammer can only utilize a fraction).
Plus, a huge percentage of the machines that show up in my logs for
"got whacked by greet_pause" are the very sorts of dynamic addresses
you'd expect to see with a zombie ... not the unsophisticated channels
you mention. If the sophisticated spammers aren't vulnerable to things
like greet_pause, why are they still getting caught by the greet_pause?
Last, I don't worry about them hitting my machines with 10's or 100's
of connections per zombie (parallelizing their attempts within a given
zombie). For non-trusted mail relays, I limit the number of
connections to 2.
More information about the MIMEDefang
mailing list