John Rudd wrote: > The reason for that is exactly the opposite of you earlier assertion: > spammers do _NOT_ have unlimited resources.
There are two classes of spammers: Unsophisticated ones who send their 419 scams via Yahoo and Hotmail, and sophisticated ones who use zombie networks. The ones who use "legitimate" mail relays will get past greylisting and greet_pause. The more sophisticated ones *DO* have essentially unlimited resources. So, some recipients throttle one of my zombie computers to sending an e-mail every 5 seconds. No problem; just add 1,000 more zombies and I can send an e-mail every 5 milliseconds. > Greet-pause slows down > their ability to submit spam to targets, and lowers their overall > throughput, by making them waste resources they have in limited supply > (time). Spammer time can be parallelized. Spammers don't spend a lot of time sequentially mailing to one victim ISP. > My thought: why not put something like an N second delay in > filter_sender (maybe 4 or 5 seconds?) Try it... you won't like it. :-) A MIMEDefang slave sitting around for 4-5 seconds is HORRIBLY expensive compared to the resources a spammer would spend. (That's why there's the curious "delay" value in the return list from filter_*. That only ties up a milter thread rather than a Perl slave. But that's still horribly expensive on a busy system, because you're also tying up a Sendmail process.) > I need to think more about it to know what the right delay values are, > though. No delay values will work against a highly-parallel army of spamming machines. Regards, David. _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
