On Fri, 14 Feb 2003, Gerald Timothy Quimpo wrote:
..
> Blackhole-enabled services should switch to a non-deterministic failure
> mode that silently kills e-mail delivery. This would have a far greater
> effect,

Another thing: spammers listed in Spamhaus etc. still continue to connect to your server even if they are immediately disconnected. This has the effect of eating up 'smtpd' (if you're using Postfix) processes, thus resulting in a denial-of-service effect.

My 'solution' so far is very simple: I have a simple script which sits watching '/var/log/messages' -- when it detects a disconnect due to access denied or blackhole, it adds that IP to my iptables rules! Very nice. And I noticed iptables doesn't croak on thousands++ of iptables rules.

I use the 'DROP' method. So the spammer host tries to connect, gets rejected. Next time it tries to connect, I drop the SYN packet on the floor. So the remote site NEVER gets the RST. Which has the effect of leaving the remote 'smtpd' hanging for a long time until it times out.

Net effect: the more the spammer tries to connect to me, the more 'smtpd' processes get eaten up on his/her host. A nice side-effect. :)

---
Orlando Andico <[EMAIL PROTECTED]>
Mosaic Communications, Inc.

_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph
To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
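The log-watching script described in the post above is not shown there; the following is an added example (not Orlando's script or any project's code) of how such a watcher can be written in Python. It assumes Postfix's standard `smtpd` reject line format ("NOQUEUE: reject: RCPT from host[ip]: 554 ..."), treats only client-level rejects (RBL "blocked using" and "Access denied") as block-worthy, skips recipient rejects (5xx "User unknown"), never firewalls addresses in a hypothetical local allowlist, and adds each IP only once. The sample log lines are constructed for the example. It goes slightly beyond the post in that the generated DROP rule is limited to TCP port 25 rather than all traffic from the host, so an unrelated service on the same box stays reachable from that address.

```python
import ipaddress
import re
import subprocess
from typing import Iterable, List, Optional, Set

# Client IP and reject reason from a Postfix smtpd reject line, e.g.
# "... postfix/smtpd[123]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 Service unavailable; ..."
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"\S+\[(\d{1,3}(?:\.\d{1,3}){3})\]: 554 (.*)"
)

# Reject reasons that mean the *client* is unwanted (RBL hit or access map deny),
# as opposed to a bad recipient, which is not grounds for firewalling the sender.
BLOCK_REASONS = ("blocked using", "Access denied")

# Networks that must never be firewalled (hypothetical values: loopback and a LAN).
ALLOW_NETS = [ipaddress.ip_network("127.0.0.0/8"),
              ipaddress.ip_network("192.168.0.0/16")]

# Constructed sample lines in Postfix log format (not from a real server).
SAMPLE_LOG = [
    "Feb 14 10:01:02 mail postfix/smtpd[1201]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: "
    "554 Service unavailable; Client host [192.0.2.10] blocked using sbl-xbl.spamhaus.org; "
    "from=<a@example.com> to=<b@example.org> proto=ESMTP helo=<x>",
    "Feb 14 10:01:05 mail postfix/smtpd[1202]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: "
    "554 <unknown[198.51.100.7]>: Client host rejected: Access denied; "
    "from=<c@example.com> to=<b@example.org> proto=SMTP helo=<y>",
    "Feb 14 10:01:09 mail postfix/smtpd[1203]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: "
    "554 Service unavailable; Client host [192.0.2.10] blocked using sbl-xbl.spamhaus.org; "
    "from=<a@example.com> to=<d@example.org> proto=ESMTP helo=<x>",
    "Feb 14 10:01:12 mail postfix/smtpd[1204]: NOQUEUE: reject: RCPT from mail.example.net[203.0.113.5]: "
    "550 5.1.1 <nobody@example.org>: Recipient address rejected: User unknown; "
    "from=<e@example.net> to=<nobody@example.org> proto=ESMTP helo=<mail.example.net>",
    "Feb 14 10:01:15 mail postfix/smtpd[1205]: NOQUEUE: reject: RCPT from unknown[192.168.1.20]: "
    "554 <unknown[192.168.1.20]>: Client host rejected: Access denied; "
    "from=<f@example.com> to=<b@example.org> proto=SMTP helo=<z>",
    "Feb 14 10:01:20 mail postfix/smtpd[1206]: connect from unknown[192.0.2.10]",
]


def client_to_block(line: str) -> Optional[str]:
    """Return the client IP to firewall for this log line, or None."""
    m = REJECT_RE.search(line)
    if not m:
        return None
    ip_text, reason = m.group(1), m.group(2)
    if not any(key in reason for key in BLOCK_REASONS):
        return None
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:          # malformed octets such as 999.1.1.1
        return None
    if any(ip in net for net in ALLOW_NETS):
        return None
    return str(ip)


def new_block_rules(lines: Iterable[str], already_blocked: Set[str]) -> List[List[str]]:
    """Scan log lines and build iptables DROP commands for not-yet-blocked clients.

    already_blocked is updated in place so repeat offenders get a single rule.
    """
    rules = []
    for line in lines:
        ip = client_to_block(line)
        if ip is None or ip in already_blocked:
            continue
        already_blocked.add(ip)
        # DROP (not REJECT) so the client's SYN is silently discarded, as in the post.
        rules.append(["iptables", "-I", "INPUT", "-s", ip,
                      "-p", "tcp", "--dport", "25", "-j", "DROP"])
    return rules


def apply_rules(rules: List[List[str]], dry_run: bool = True) -> int:
    """Run (or print) the generated commands; returns how many were handled."""
    for cmd in rules:
        if dry_run:
            print(" ".join(cmd))
        else:
            subprocess.run(cmd, check=True)   # needs root on the real host
    return len(rules)


def watch_log(path: str = "/var/log/messages") -> None:
    """Follow the log like the post's script does and block as lines arrive."""
    blocked: Set[str] = set()
    tail = subprocess.Popen(["tail", "-F", path], stdout=subprocess.PIPE, text=True)
    for line in tail.stdout:
        apply_rules(new_block_rules([line], blocked), dry_run=False)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; prints two iptables commands.
    apply_rules(new_block_rules(SAMPLE_LOG, set()))
```

Run as root with `watch_log()` to follow the live log; the dry-run default in `apply_rules` lets you check which rules would be generated first. Keeping the rejected-IP set in memory also means the watcher can be pointed at an existing log once to rebuild the rule set after a reboot without duplicating rules.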
