Just another thought.

What is done through the ckuser patch, is what all other e-mail systems (escluding native qmail) all do usually.
So, this is a general problem for all e-mail systems.



At 01/09/03 01/09/03 -0500, [EMAIL PROTECTED] wrote:
Just thinking out loud.....

The approach of tarpitting is to slow down the attacker without impacting
your network or requiring additional resources on your end to deal with
the cracker.  I *think* it does this by analyzing the volume of incoming
SMTP requests from the same host.

The approach of chkuser is to reduce the amount of incoming messages by
denying unknown recipients before the message Data is transmitted.

I would hate to see an expanded chkuser that requires extensive database
activity to log/monitor/tarpit the username requests.  That's throwing
more resources at a problem....

I think its entirely appropriate to respond VERY slowly to an unknown
username request.  HOWEVER, if I suddenly have a shortage of SMTPD daemons
because they are left open to service the "chkuser tarpit", and that hurts
my email service quality, then I haven't gained anything.  I would rather
be fast at dumping chkuser denials and let them guess.

I guess if there was a child daemon that could handle ALL of the chkuser
tarpits (instead of keeping an SMTPD open) then we might have something
really great.

Sorry if I'm being too utopian, or too vague.  Just trying to contribute.

> I thought of this initially, but then I forgot because of the general gain
> this patch gives.
> We could introduce a delay for each not existing user, or a limit for the
> maximum number of "rcpt to". But for a massive hacker, that could not be a
> problem.
> I'm thinking of a more sophisticated code, but I surely would need of a
> database where to record every attempt.
> Let me know general opinions,
> Tonino
> At 01/09/03 01/09/03 -0700, Brad Dameron wrote:
>>Speaking of this patch. I think there is a potential of people being able
>>to harvest e-mail accounts using a dictionary, etc. They can connect up
>>and just validate e-mail addresses with this patch to determine if they
>>are valid or not. This could be a spammers dream come true. I have seen
>>this occur on sendmail servers.
>>----- Original Message -----
>>From: <mailto:[EMAIL PROTECTED]>Shane Chrisp
>>  Thanks for the reply. That has fixed the problem. Compiles now, and it
>> works still with
>>the mysql backend.
> ------------------------------------------------------------
>          [EMAIL PROTECTED]            Interazioni di Antonio Nati
>     http://www.interazioni.it      [EMAIL PROTECTED]
> ------------------------------------------------------------

        [EMAIL PROTECTED]            Interazioni di Antonio Nati
   http://www.interazioni.it      [EMAIL PROTECTED]

Reply via email to