Les Mikesell
Tue Nov 24 19:19:51 EST 2009

>>> Which would only happen if they tried to open two
>>> separate TCP sessions within the 5 minute window.
>> Which will almost certainly happen regularly if anyone
>> joins a mailing list that is slightly busier than this
>> one.
> That's why they aren't immediately thrown to the TCP TARPIT.
> A mail server that had just connected and delivered its message(s) should be drained and therefore have nothing else to deliver until it receives something else, and then, if it can't "hold its wad", that's not my problem.  We all know that spammers can't hold their wads and this is what the ruleset was designed to combat.

Some mailers deliver multiple messages per connection, some don't.  Some
mailing lists get more than one message per 5 minutes and attempt
delivery of each immediately.  Blocking connections hitting you at
several per second might make sense to fight spam (but the good spammers
will be coming from hundreds of different but coordinated IP addresses),
but a few messages a minute is perfectly normal traffic.

> Mail isn't "instant messaging."  If they get a connection refused (the ICMP admin-prohibited msg) and can't wait at least 2.5 minutes before retrying (as I do issue 2 ICMP warnings), they are probably a spammer.  A properly behaving mail server would queue the message and try again at its next queue interval (usually >= 5 minutes).  If they can't deliver multiple messages but just one per connection, they need to wait 5 minutes before trying the next.

If you don't care if or when mail is delivered, why run the server at all?

