On Tue, 2 Aug 2016, Bill Cole wrote:
What's special about the postscreen delay is:

1. It delays only the last line of a multi-line greeting, so it catches MANY
more bots than a simple delay.

2. It caches PASS results so even the very short (6s by default) delay that
it imposes only hits the first encounter with a client that connects
frequently. This is critically important in high-volume situations where the
difference between mean session lengths of 0.5s and 6s is the difference
between 2 and 12 MX boxes in a cluster.

Combined, this is why Sendmail and other MTA greeting delays are less
spectacularly effective than they used to be and less effective than
postscreen. The resource cost of prolonging every session to 6s is untenable
for busy machines, so bots that have adapted can get through. Back in the
early days of Sendmail's GreetPause a value of 3s would catch most bots but
over the years some bots have adapted by doing their own hard delays and
others have learned to wait for anything from the server. Few (if any) have
adapted by actually parsing the greeting and making sure that they've seen
the end of a multi-line greeting before talking.

That all sounds great.

Is there any way to use postscreen as a frontend filter for a sendmail
MTA?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
From the Liberty perspective, it doesn't matter if it's a
jackboot or a Birkenstock smashing your face. -- Robb Allen
-----------------------------------------------------------------------
3 days until the 281st anniversary of John Peter Zenger's acquittal
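
The greeting-delay behaviour described in the quoted message above, as an added example that is not part of the original thread and is not Postfix or Sendmail code: a toy model comparing a plain 3s delay before a one-line greeting with a 6s delay on the last line of a multi-line greeting, plus a PASS cache. The hostnames, addresses, client models and the 4.0s/0.1s timings are constructed assumptions.

```python
"""Toy model of a greeting-delay (pregreet) test with a PASS cache.
Added illustration only: not Postfix or Sendmail code."""

GREET_WAIT = 6.0                       # seconds; the default quoted in the message
TEASER = "220-mx.example.test ESMTP"   # constructed continuation line, sent at t=0
FINAL = "220 mx.example.test ESMTP"    # constructed last line, sent after the delay

# Constructed client models. Each gets the (send_time, line) pairs the server
# will emit and returns the time at which that client first transmits.
def fixed_delay_client(lines, wait=4.0):
    return wait                        # own hard delay, ignores what was sent

def any_data_client(lines):
    return lines[0][0] + 0.1           # talks once anything at all arrives

def parsing_client(lines):
    # A reply ends at the line whose 4th character is a space, not a hyphen.
    return next(t for t, line in lines if line[3:4] == " ") + 0.1

def screen(client, addr, cache, multiline=True, delay=GREET_WAIT):
    """Return (verdict, seconds the session was held by the test)."""
    if addr in cache:                  # earlier PASS: no delay this time
        return "PASS (cached)", 0.0
    if multiline:                      # only the last greeting line is delayed
        lines = [(0.0, TEASER), (delay, FINAL)]
    else:                              # plain delay before a one-line greeting
        lines = [(delay, FINAL)]
    spoke_at = client(lines)
    if spoke_at < delay:               # talked before the greeting was complete
        return "PREGREET", spoke_at
    cache.add(addr)
    return "PASS", delay

def mean_hold(client, addr, sessions, cache):
    """Average delay per session for one address that reconnects repeatedly."""
    return sum(screen(client, addr, cache)[1] for _ in range(sessions)) / sessions

if __name__ == "__main__":
    for name, c in [("fixed delay", fixed_delay_client),
                    ("any data", any_data_client),
                    ("parses greeting", parsing_client)]:
        plain = screen(c, "192.0.2.10", set(), multiline=False, delay=3.0)[0]
        multi = screen(c, "192.0.2.10", set())[0]
        print(f"{name:16} 3s one-line: {plain:9} 6s multi-line: {multi}")
    print("mean hold over 10 sessions:", mean_hold(parsing_client, "192.0.2.20", 10, set()))
```

The held time is only the delay added by the test, not the full session length discussed in the message.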