[Mimedefang] Image blocking idea
Les Mikesell
les at futuresource.com
Thu Apr 20 22:12:24 EDT 2006
On Thu, 2006-04-20 at 15:30, David F. Skoll wrote:
> > Last, I don't worry about them hitting my machines with 10's or 100's of
> > connections per zombie (parallelizing their attempts within a given
> > zombie). For non-trusted mail relays, I limit the number of connections
> > to 2.
>
> Right, the parallelization I mentioned is against multiple targets
> also. Let's say a spammer needs to send 1,000,000 e-mails to people
> in 1,000 domains, and the largest domain contains 5,000 victims. If
> *each* domain's MX machine limits the spammer to sending one e-mail
> every 10 seconds, he can still send all 1,000,000 e-mails in around 14
> hours, or at an effective rate of 20 messages/second.
I have an old but now-defunct domain name that I only continue
to accept so I can get mail to hostmaster. I'm using
virtusertable to let sendmail reject everything else. The
logs show that it is hit by dictionary attacks fairly often
with the interesting part being that the messages are being
sent by many different machines at the same time but rate
limited somehow so there are never more than a few
simultaneous connections.
--
Les Mikesell
les at futuresource.com
More information about the MIMEDefang
mailing list