[Mimedefang] Image blocking idea

[David F. Skoll]

John Rudd wrote:

> The reason for that is exactly the opposite of you earlier assertion:
> spammers do _NOT_ have unlimited resources.

There are two classes of spammers: Unsophisticated ones who send their
419 scams via Yahoo and Hotmail, and sophisticated ones who use zombie
networks.

The ones who use "legitimate" mail relays will get past greylisting
and greet_pause.  The more sophisticated ones *DO* have essentially
unlimited resources.  So, some recipients throttle one of my zombie computers
to sending an e-mail every 5 seconds.  No problem; just add 1,000 more zombies
and I can send an e-mail every 5 milliseconds.

> Greet-pause slows down
> their ability to submit spam to targets, and lowers their overall
> throughput, by making them waste resources they have in limited supply
> (time).

Spammer time can be parallelized.  Spammers don't spend a lot of time
sequentially mailing to one victim ISP.

> My thought: why not put something like an N second delay in
> filter_sender (maybe 4 or 5 seconds?)

Try it... you won't like it. :-)

A MIMEDefang slave sitting around for 4-5 seconds is HORRIBLY expensive
compared to the resources a spammer would spend.

(That's why there's the curious "delay" value in the return list from
filter_*.  That only ties up a milter thread rather than a Perl slave.
But that's still horribly expensive on a busy system, because you're
also tying up a Sendmail process.)

> I need to think more about it to know what the right delay values are,
> though.

No delay values will work against a highly-parallel army of spamming
machines.

Regards,

David.