kd6lvw at yahoo.com
Tue Nov 24 19:01:51 EST 2009
--- On Tue, 11/24/09, Les Mikesell <lesmikesell at gmail.com> wrote:
> > ...
> > Which would only happen if they tried to open two
> separate TCP sessions within the 5 minute window.
> Which will almost certainly happen regularly if anyone
> joins a mailling list that is slightly busier than this
That's why they aren't immediately thrown to the TCP TARPIT.
A mail server that had just connected and delivered its message(s) should be drained and therefore have nothing else to deliver until it receives something else, and then, if it can't "hold its wad", that's not my problem. We all know that spammers can't hold their wads and this is what the ruleset was designed to combat.
Mail isn't "instant messaging." If they get a connection refused (the ICMP admin-prohibited msg) and can't wait at least 2.5 minutes before retrying (as I do issue 2 ICMP warnings), they are probably a spammer. A properly behaving mail server would queue the message and try again at its next queue interval (usually >= 5 minutes). If they can't deliver multiple messages but just one per connection, they need to wait 5 minutes before trying the next.
More information about the MIMEDefang