> (or be run on a mail gateway that sits in front of the IMail/Declude server).
Thats what TarProxy sort of does. TarProxy accepts the inbound SMTP connections and relays them to a backend SMTP host (imail's smtpd). What I'm saying would be great, is if TarProxy could call "Declude-like" tests during the SMTP session... before Imail gets its hands on the email. If Declude could be called as an external test by a 3rd party app, it might even be possible. Declude would just have to return a return value (ie: the weight), instead of handing off to smtp32.exe after its done. Bill -----Original Message----- From: "Bill Landry" Sent: Mon, 16 Jun 2003 06:22:04 -0700 Subject: Re: [Declude.JunkMail] DSN:Tarpitting and declude firewall integration integration integration integration Tarpitting can't be integrated with Declude because Declude does not answer the client SMTP connection, IMail does (SMTPD). Only after IMail has received the message does it get delivered to Declude. So, any tarpitting would have to be integrated with IMail, not Declude (or be run on a mail gateway that sits in front of the IMail/Declude server). Bill ----- Original Message ----- From: "Bill B." <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, June 16, 2003 6:02 AM Subject: Re: [Declude.JunkMail] DSN:Tarpitting and declude firewall integration integration integration integration Cool. We've been playing around with a few methods of tarpitting. Check out TarProxy by Marty Lamb (http://www.martiansoftware.com/tarproxy/)... this tool seems to have alot of promise. It allows you to hook into each stage of the SMTP session and apply incremental delays or drop the connection based on external tests. Wouldn't it be great if we could integrate Declude with a tool like this! Bill -----Original Message----- From: "Rifat Levis" Sent: Mon, 16 Jun 2003 15:51:52 +0300 Subject: Re: [Declude.JunkMail] DSN:Tarpitting and declude firewall integration integration Hi Bill , I wrote a small VB program . ---------------------------------- Here is more details about the system. I am using the KIWI syslog server software to send the logs to the SQL You can specify in IMAIL syslogs server ip address .(IF you run KIWI on the same machine ,you have to stop IMAIL syslog ) I have wrote a small Visual Basic Program which scan the SQL database for " ERR .... INVALID USER " lines every 2 min. And my little program Open a telnet connection to the firewall ADD the ip address to block . Then the program remove the ip address after 1 hour. On my firewall i wrote a global policie group to deny access to port 25 So the software add the ip address and specify that it belong to that group lls. I decided also to integrate DECLUDE JUNKMAIL with my firewall. For weight over 20 i will block for 1 hour For weight over 30 will block for 2 hour And so on. Rifat ----- Original Message ----- From: "Bill B." <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, June 16, 2003 3:11 PM Subject: Re: [Declude.JunkMail] DSN:Tarpitting and declude firewall integration integration Rifat, What software are you using to do the tarpitting? Are you running it on the same server as IMail, or on a separate box? Bill -----Original Message----- From: "Rifat Levis" Sent: Mon, 16 Jun 2003 02:01:45 +0300 Subject: [Declude.JunkMail] DSN:Tarpitting and declude firewall integration People intersted in tarpitting and Declude firewall integration can read this. I just finished the tarpitting protection for my IMAIL server I am sending logs to the kiwi syslog server and forwarding it to SQL to analyse data When in a 2 min period a single ip send mail to more than 5 unknown account I am blocking the ip address on my netscreen firewall for 1 hour. The next step of this is to integrate Declude to the firewall I have 3 weight weight 10 warn weight 15 warn weight 20 delete Instead of deleting weight 20 i will forward it to an account to send data to SQL analyse it and then block it for 1 hour . NOTE : I am sure that KAMI will be interested :) Best Regards Rifat Levis --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
