----- Original Message ----- From: "Kevin A. McGrail" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, August 05, 2004 4:18 PM Subject: Re: [Mimedefang] Bad RCPT Throttle in the Real World
> I was thinking my implementation would be more akin to greylisting since it > would only tempfail for a 5 minute period. I wholeheartedly agree that > changing routes to completely block the IP are not a good idea though. > > > I think it's too large a block to be feasible, for the reason's you > > mention. Their are many ways in which you can cause collatoral damage. You might instead look at the latest mods David is putting into MIMEDefang. With the latest sendmail and MIMEDefang, you can do things like tell MIMEDefang "wait 15 seconds before replying". The latest sendmails also have settings that let you delay certain responses like the initial SMTP banner. Set it up so that someone who goes over the thresholds gets a 30-second wait for EVERY response. That will just kill any ratware. It won't stop an open relay, but it would slow one down a lot. DO NOT exceed 30 seconds, there are some system admins out there that think that the RFC timeouts are waaay too long and don't apply to them, and will drop a legitimate SMTP connection with longer timeouts. Speaking of ratware, I noticed in a posting elsewhere that Abuse.Net has pointed out that really long SMTP banners literally cause some ratware to fall over dead. As an example, see the output of "telnet smtp.abuse.net smtp". Chris Myers Networks By Design _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
