Charlie Brady wrote:
On Sun, 28 Mar 2004, Ask Bjørn Hansen wrote:


Alright, it's interesting and all but it really seems a bit theoretical and not terribly related to qpsmtpd unless someone writes a plugin to do stuff with iptables soon.


There's no need for that - don't re-invent the wheel; just use
SpamCannibal. It can peek at connection attempts before qpsmtpd gets to
see them (via iptables QUEUE target), and do the tarpitting. The only
plugin required might be an interface to add newly identified spam sources
to SpamCannibal's database.

There are some portions of the thread that suggest doing a little more damage by using up bandwidth and letting the remote end send the entire payload (with multiple resets/retries to really waste resources). That wouldn't be something SpamCannibal or any other iptables-only implementation could do. Hence the idea to make some kind of broken vacuum plugin to which we direct all junk connections.


One question that didn't get touched on is how to determine who to add to the tarpit. Is that something generally left up to the individual mail admin, or would/should it be keyed off other plugins (perhaps via transaction notes)? Once it's created/tested/working, I would assume it would end up in the main distribution of qpsmtpd, and those who aren't as into programming wouldn't want to have to go into each plugin and add/enable support for it. (If I were to write it, for example, I would want to make it as flexible as possible and easy to implement; heaven knows my other stuff is so entangled into my own setup. ;))

-- Bryan




