[Mimedefang] Back into the loop...

Philip Prindeville philipp_subx at redfish-solutions.com
Tue Oct 24 20:28:45 EDT 2006


David F. Skoll wrote:

>Philip Prindeville wrote:
>
>>HELO localhost.localdomain
>
>>from 192.150.1.3, then it will reject that session... with a 5xx
>>message... and will also blacklist incoming connections from that
>>site for the next 4 hours...  If another connection comes in from
>>that address during that 4 hour period, maybe double or quadruple
>>the wait period.
>
>I do a similar thing, but I feed data into a Perl script that plays with
>my iptables rules.  Obviously, to fiddle with iptables rules requires
>root privileges, hence the separate script.

I thought about this too...  It would be nice to have a Perl module
that allows modifying iptables on the fly...  Of course, that's
Linux specific...

Similarly, you could use dynamic ACLs on a Cisco firewall
if that's what you're sitting behind...

>>One other thing I wasn't sure about doing, was adding "simultaneity"
>>locking as well.  That is, blacklisting additional connections from
>>the same site during the duration of a connection.  Most legitimate
>>MTAs will open a single connection per site, and then spool
>>multiple messages over a single connection.
>
>Sendmail 8.13 can do all of that (and more) with its "conncontrol" and
>"ratecontrol" features.
>
>[...]

I just read the README in /usr/share/sendmail-cf/ and couldn't tell the
difference between one knob and the other.

>>I've been wondering about coming up with a standardized format
>>for tests,
>
>This is explicitly *not* a goal of MIMEDefang.  My belief is that in
>order to combat current and future e-mail threats, you need a proper
>programming language, and Perl is about as good as any.  In my
>opinion, going to something like XML would be a massive step backward.

It's easier to share XML fragments and parameters (where the parameters
change more often than the actual logic that implements the test).  So we
could make the scripting more stable, and the "fine tuning" easier to ship
around and share.

>[... rest elided - I have no comments on it ...]

Any preferences on a favourite lockable/concurrent database
(hash) module?

-Philip

>Regards,
>
>David.

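As an added example (not code from the thread, nor MIMEDefang's own), here is how the HELO test and the escalating 4-hour blacklist described above could be written as a MIMEDefang filter_helo hook, with the shared state kept in a flock-guarded SDBM hash, one answer to the lockable-hash question. The filter_helo signature and the -H switch are those documented in mimedefang-filter(5) and mimedefang(8); the file paths and the 48-hour cap are assumptions.

```perl
# Added example, not code from the thread or from MIMEDefang itself: a
# filter_helo hook that rejects "HELO localhost.localdomain", blacklists the
# client IP for 4 hours and doubles the wait each time the IP reconnects while
# blocked. State lives in an SDBM hash guarded by flock, because MIMEDefang
# runs several slave processes that can call the filter at once.
use strict;
use Fcntl qw(:DEFAULT :flock);
use SDBM_File;
use List::Util qw(min);

# Assumed (hypothetical) paths; must be writable by the MIMEDefang user.
my $BL_DB      = "/var/spool/MIMEDefang/helo-blacklist";
my $BL_LOCK    = "$BL_DB.lock";
my $BASE_BLOCK = 4 * 3600;    # first offence: 4 hours, as in the thread
my $MAX_BLOCK  = 48 * 3600;   # assumed cap on the doubling

# Decide one HELO from $ip at epoch $now; records are "expiry:length".
sub helo_policy {
    my ($db, $ip, $helo, $now) = @_;
    my ($expiry, $len) = split(/:/, $db->{$ip} || "0:0");
    if ($expiry > $now) {                       # reconnected while blocked
        $len = min(2 * $len, $MAX_BLOCK);
        $db->{$ip} = join(':', $now + $len, $len);
        return ('REJECT', "Blacklisted for " . int($len / 3600) . " more hours");
    }
    if (lc($helo) eq 'localhost.localdomain') { # the bogus HELO from the thread
        $db->{$ip} = join(':', $now + $BASE_BLOCK, $BASE_BLOCK);
        return ('REJECT', "Bogus HELO $helo");
    }
    delete $db->{$ip} if $expiry;               # block expired, forget it
    return ('CONTINUE', 'ok');
}

# Run helo_policy with the hash tied and an exclusive lock held; SDBM_File
# does no locking of its own, so the lock file serialises all slaves.
sub locked_helo_policy {
    my ($ip, $helo, $now) = @_;
    open(my $lock, '>', $BL_LOCK) or die "open $BL_LOCK: $!";
    flock($lock, LOCK_EX)         or die "flock $BL_LOCK: $!";
    tie(my %db, 'SDBM_File', $BL_DB, O_RDWR | O_CREAT, 0640) or die "tie: $!";
    my @verdict = helo_policy(\%db, $ip, $helo, $now);
    untie %db;
    close($lock);                               # releases the lock
    return @verdict;
}

# MIMEDefang HELO hook (mimedefang must be started with -H for it to fire).
sub filter_helo {
    my ($hostip, $hostname, $helo, $port, $myip, $myport) = @_;
    return locked_helo_policy($hostip, $helo, time);
}
```

A REJECT from filter_helo is turned into a 5xx reply by MIMEDefang, which is the behaviour the thread asks for; the iptables variant David mentions would hang off the same record, written by a separate privileged script.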