On Sun, Mar 21, 2010 at 11:20:48PM +0100, Gregor Glashüttner wrote:
> Hi!
>
> I??m using policyd-weight and think it does a great job in rejecting
> spam. I would like to do a little more and eat up the spammers
> resources by tarpitting them. My system doesn??t have too much traffic
> so i simply added "sleep(5);" in policyd-weight??s section "parse and
> store results, do some cleanup, return results", right before the two
> lines "return($EREJECTMSG.$RHSBLMSG.$RELAYMSG.$DYN_DNS_MSG);". This
> should eat 5 secs of the spammers time, right?
This also eats your resources as your MTA has to spawn new smtpd(8)
processes for new clients (the other smtpd-ones wait for policyd-weight's
answer).
This could also enable a DoS (one can circumvent the cache-rejects by
changing the sender-envelope and thus trigger your sleep)
Also there is smtpd_error_sleep_time (default 1s)
See man 8 smtpd | less +/TARPIT
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
____________________________________________________________
Policyd-weight Mailinglist - http://www.policyd-weight.org/
