Noel J. Bergman wrote:
Yeah, I think Peter is on the right track by adding various fast-fail cases. Sendmail allows you to limit the number of messages that can come from a given IP address at once, and Peter listed other approaches (cap # of invalid commands, cap # of rsets, etc...)If you can receive and process the message, then you can determine if it's spam or not (based on relay rules, Bayesian filter, whatever).One of the things I've considered is that if a matcher discovers spam from a currently active connection, then we could kill that connection (with a proper 5xx code) ASAP. I'm tired of spammers tying up my connections. I am also willing to limit parallel connections from a single IP address, although I see that "attack" less frequently.
What about as a recognition of the value of both sides (fast-fail and honey-pots), we make this issue (aggressive pipelining) into the first of our fast-fail configuration options?
By default we have James fast-fail on aggressive pipelining, the DATA command checks the buffer and rejects the message if there is anything. But, offer the configuration option to let James accept the message should the admin want a honey-pot. And to support that, if James will accept the message, then we have James add some new X-header to the message to indicate it was aggressively pipelined.
--
Serge Knystautas
Loki Technologies
http://www.lokitech.com/
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
