[Mimedefang] Back into the loop...

David F. Skoll dfs at roaringpenguin.com
Tue Oct 24 19:34:15 EDT 2006


Philip Prindeville wrote:

> HELO localhost.localdomain

> from 192.150.1.3, then it will reject that the session... with a 5xx
> message... and will also blacklist incoming connections from that
> site for the next 4 hours...  If another connection comes in from
> that address during that 4 hour period, maybe double or quadruple
> the wait period.

I do a similar thing, but I feed data into a Perl script that plays with
my iptables rules.  Obviously, to fiddle with iptables rules requires
root privileges, hence the separate script.

> One other thing I wasn't sure about doing, was adding "simultaneity"
> locking as well.  That is, blacklisting additional connections from
> the same site during the duration of a connection.  Most legitimate
> MTAs will open a single connection per site, and then spool
> multiple messages over a single connection.

Sendmail 8.13 can do all of that (and more) with its "conncontrol" and
"ratecontrol" features.

[...]

> I've been wondering about coming up with a standardized format
> for tests,

This is explicitly *not* a goal of MIMEDefang.  My belief is that in
order to combat current and future e-mail threats, you need a proper
programming language, and Perl is about as good as any.  In my
opinion, going to something like XML would be a massive step backward.

[... rest elided - I have no comments on it ...]

Regards,

David.
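The check-and-blacklist policy Philip describes, written out as an added example that is not code from the thread or from MIMEDefang: reject a remote client that HELOs as localhost.localdomain, block it for four hours, double the block when it reconnects during that period, and only build the iptables rule here so a separate privileged helper can apply it, as David's setup does. The class and function names, the fake clock, and the port-25 REJECT rule are assumptions.

```python
import ipaddress
import time

# Constructed policy values: the four-hour period and the doubling come from the thread.
BASE_BLOCK_SECONDS = 4 * 3600
LOCAL_NETS = (ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128"))


def helo_is_bogus(helo: str, client_ip: str) -> bool:
    """True when a non-loopback client claims to be the loopback host."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in LOCAL_NETS):
        return False
    return helo.strip().lower() in ("localhost", "localhost.localdomain")


class HeloBlacklist:
    """Temporary per-IP block list with a doubling penalty on repeat contact."""

    def __init__(self, base=BASE_BLOCK_SECONDS, factor=2, clock=time.time):
        self.base, self.factor, self.clock = base, factor, clock
        self.entries = {}  # ip -> (expires_at, current_block_length)

    def is_blocked(self, ip: str) -> bool:
        entry = self.entries.get(ip)
        if entry and self.clock() < entry[0]:
            return True
        self.entries.pop(ip, None)  # expired or absent: forget it
        return False

    def record(self, ip: str) -> int:
        """Start a block, or lengthen an active one, and return its length."""
        length = self.entries[ip][1] * self.factor if self.is_blocked(ip) else self.base
        self.entries[ip] = (self.clock() + length, length)
        return length

    def evaluate(self, helo: str, ip: str):
        """Decide one connection: ("reject", block_seconds) or ("accept", 0)."""
        if self.is_blocked(ip) or helo_is_bogus(helo, ip):
            return "reject", self.record(ip)
        return "accept", 0


def iptables_rule(ip: str) -> list:
    """argv for the root-privileged helper to run; built here, never executed."""
    return ["iptables", "-I", "INPUT", "-s", ip, "-p", "tcp", "--dport", "25", "-j", "REJECT"]
```

The helper that actually runs the rule should also schedule its removal when the block expires, otherwise the "temporary" blacklist becomes permanent.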
