Dave's right...

To mention again - I wrote a TCL script that watches for "RCPT TO" flooding, which IS a settable thing in sendmail - as soon as the log message "Possible RCPT TO flooding, throttling" (or whatever it is) comes through the log, the script doesn't tar pit them, it blackholes them... for a day (or however long you might feel like)...

To that user abusing your system you disappear from the internet. ;)


-Ben



David F. Skoll wrote:


On Mon, 19 Apr 2004, Jeffrey Goldberg wrote:


As a public service, I would like to tar pit connections delivering
various worms or spam.


This feature will never make it into MIMEDefang.  Tarpitting needs to
be done at the Sendmail level, or (more appropriately) at the kernel
level.

By the time you've invoked a Perl milter, you've lost.  The spammer is
sitting with special ratware that can run tens of thousands of
concurrent SMTP threads, and you're using a 20-MB Perl process to try to
slow down *one* of his threads.

Tarpitting is basically useless if you intend to slow down a spammer.
Tarpitting is possibly useful if you have a very large site and want to slow
the rate of spam coming into your site until you can update filters.

Regards,

David.
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

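The log-watching approach described in the reply at the top of this message, as an added Python sketch (not Ben's Tcl script, which is not shown in the thread). The log line layout, the loosely matched message wording, the allowlist and the use of iproute2 `ip route ... blackhole` as the blocking mechanism are all assumptions, and the sample log lines are constructed.

```python
import ipaddress
import re
from datetime import timedelta

# Assumed log shape: "... host [ip]: Possible ... RCPT ... flood ... throttling".
# Only the bracketed address is used; the hostname is client-influenced text.
FLOOD_RE = re.compile(
    r"\[([0-9A-Fa-f:.]+)\][^\[\]]*Possible\b.*RCPT.*flood.*throttling", re.I)
BLOCK_FOR = timedelta(days=1)  # "for a day", as in the post
# Constructed allowlist: never null-route yourself or your own relays.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]

def offender(line):
    """Return the validated client address of a throttling line, else None."""
    m = FLOOD_RE.search(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group(1))
    except ValueError:  # bracketed text that is not an address, e.g. a PID
        return None
    return None if any(ip in net for net in NEVER_BLOCK) else ip

def scan(lines, now, blocked=None):
    """Return {ip: expiry}; an address already blocked keeps its expiry."""
    blocked = dict(blocked or {})
    for line in lines:
        ip = offender(line)
        if ip is not None:
            blocked.setdefault(str(ip), now + BLOCK_FOR)
    return blocked

def expire(blocked, now):
    """Split into (still blocked, addresses to release)."""
    keep = {ip: t for ip, t in blocked.items() if t > now}
    return keep, sorted(set(blocked) - set(keep))

def route_cmd(action, ip):
    """iproute2 null-route command ('add' or 'del') for one host."""
    family = "-4" if ipaddress.ip_address(ip).version == 4 else "-6"
    return f"ip {family} route {action} blackhole {ip}"

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    "Apr 19 10:02:11 mx1 sendmail[2211]: i3JE2A002211: dsl.example.net [203.0.113.7]: Possible SMTP RCPT flood, throttling.",
    "Apr 19 10:02:15 mx1 sendmail[2240]: i3JE2F002240: from=<a@example.org>, size=1204, relay=mail.example.org [198.51.100.20]",
    "Apr 19 10:03:40 mx1 sendmail[2301]: i3JE3e002301: relay.example.com [192.0.2.10]: Possible SMTP RCPT flood, throttling.",
    "Apr 19 10:04:02 mx1 sendmail[2311]: i3JE42002311: dsl.example.net [203.0.113.7]: Possible SMTP RCPT flood, throttling.",
]
```

Feed new log lines to `scan`, run `route_cmd("add", ip)` for each newly added address, and periodically run `route_cmd("del", ip)` for the addresses `expire` releases.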
