- wrote:
--- On Tue, 11/24/09, Les Mikesell <[email protected]> wrote:
...
Which would only happen if they tried to open two
separate TCP sessions within the 5 minute window.

Which will almost certainly happen regularly if anyone
joins a mailing list that is slightly busier than this
one.

That's why they aren't immediately thrown to the TCP TARPIT.
A mail server that had just connected and delivered its message(s) should be drained and
therefore have nothing else to deliver until it receives something else, and then, if it
can't "hold its wad", that's not my problem. We all know that spammers can't
hold their wads and this is what the ruleset was designed to combat.

Some mailers deliver multiple messages per connection, some don't. Some
mailing lists get more than one message per 5 minutes and attempt
delivery of each immediately. Blocking connections hitting you at
several per second might make sense to fight spam (but the good spammers
will be coming from hundreds of different but coordinated IP addresses),
but a few messages a minute is perfectly normal traffic.

Mail isn't "instant messaging." If they get a connection refused (the ICMP
admin-prohibited msg) and can't wait at least 2.5 minutes before retrying (as I do issue 2
ICMP warnings), they are probably a spammer. A properly behaving mail server would queue
the message and try again at its next queue interval (usually >= 5 minutes). If they
can't deliver multiple messages but just one per connection, they need to wait 5 minutes
before trying the next.

If you don't care if or when mail is delivered, why run the server at all?
--
Les Mikesell
[email protected]
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
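
The per-source policy debated in this thread can be replayed against connection timelines to see which senders it penalises. The following is an added example, not code from any message above or from the poster's ruleset. It assumes the 5 minute window is measured from the last accepted connection and that the third early attempt is the first to be tarpitted; the addresses and timelines are constructed.

```python
from collections import defaultdict

WINDOW = 300   # seconds: the "5 minute window" from the thread
WARNINGS = 2   # ICMP admin-prohibited rejects issued before the TARPIT

def simulate(events):
    """Replay new TCP sessions to port 25 and return (ts, ip, verdict) tuples.

    events: iterable of (timestamp_seconds, source_ip).
    Assumption: the window starts at the last ACCEPT for that source and is
    not extended by rejected attempts.
    """
    accepted_at = {}             # ip -> time of last accepted session
    strikes = defaultdict(int)   # ip -> early attempts seen in current window
    results = []
    for ts, ip in sorted(events):
        start = accepted_at.get(ip)
        if start is None or ts - start >= WINDOW:
            accepted_at[ip] = ts       # outside the window: accept, restart it
            strikes[ip] = 0
            verdict = "ACCEPT"
        elif strikes[ip] < WARNINGS:
            strikes[ip] += 1           # early retry: warn with an ICMP reject
            verdict = "REJECT"
        else:
            verdict = "TARPIT"         # warnings used up inside the window
        results.append((ts, ip, verdict))
    return results

def verdicts(events):
    """Just the verdict column, in time order."""
    return [v for _, _, v in simulate(events)]

# Constructed timeline: a list server that opens one connection per message,
# with a new list message arriving every 60 seconds.
LIST_SERVER = [(t, "192.0.2.10") for t in range(0, 301, 60)]

# Constructed timeline: an MTA that delivers, tries once more 30 s later,
# then requeues and retries at its next queue run.
QUEUEING_MTA = [(0, "198.51.100.7"), (30, "198.51.100.7"), (330, "198.51.100.7")]

if __name__ == "__main__":
    for name, timeline in (("list server", LIST_SERVER), ("queueing MTA", QUEUEING_MTA)):
        print(name, verdicts(timeline))
```
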