Len,
Was wondering if you had taken a look at something called SpamCannibal at http://www.spamcannibal.org . It is something akin to the Anvil feature you describe, but with a twist. The stated aim of the daemon on its website is, "SpamCannibal's TCP/IP tarpit stops spam by telling the spam server to send very small packets. SpamCannibal then causes the spam server to retry sending over and over - ideally bringing the spam server to a virtual halt for a long time or perhaps indefinitely."
....and if you bring down a server that was exploited through no fault of the owner
then what? They trace the problem to software you intentionally installed on your
server knowing it would crash other peoples servers.....and you are reported to your
upstream provider or you are sued. This is a very bad idea. Delete incoming SPAM,
block the IP, report it to the source, or to SpamCop, ect., but please don't try to crash
servers that may be victims of exploits without anymore information other than "SPAM
was delivered from this address".
I haven't tried setting up a Postfix box for this yet, but it sounds like fun. :-)
William Van Hefner Network Administrator Vantek Communications, Inc.
> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Len Conrad > Sent: Wednesday, January 26, 2005 7:22 AM > To: [email protected] > Subject: Re: [IMail Forum] Filanet InterJak 200 > > > > >If you're willing to get your hands dirty and learn a bit of *nix I > >recommend pf on OpenBSD which is _very_ flexible and will let you > >'tarpit' spammers (with spamd) if you wish. It's free and it'll run > >very well on a pII 350mhz with 128m of RAM. It is a bit of > a learning > >curve if you're a Windows only guy but well worth it IMHO. > > Even easier is IMGate/postfix's "anvil" feature which will > dynamically > smtp-blocks/rate-limits any IP that connects to postfix more > than x times > in y minutes. > > anvilled IPs connect to port 25, postfix sends an immediate > SMTP 421 code, > and hangs up. postfix can probably do that 200 times/second without > impacting legit operation. > > I would say the majority of msgs to unknown users come from > subscriber > access networks of millions infected PCs, each of which > doesn't attack any > one MX at a high rate of attempts, so rate limiting is not helpful. > > Len > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ >
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
ComsecNet Dedicated Data Services Stockton, CA Phone:(209) 463-2809 Fax: (209) 938-0481 Email: [EMAIL PROTECTED] Web: www.comsec.net
This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or an employee or agent responsible for delivering to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error please destroy this message and notify the sender by reply email.
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
