Dirk Kulmsee writes:

Yes Sam!
That is exactly the point which hurts.
Being a proxy, ASSP "tunnels" the connection from the sending mail server to
my receiving Courier. Courier does the ESMTP dialog.

The bright side: if I set up all MXs as ASSP filters then all MXs will check
with the mailbox server if the recipient exists and spammers' strategy to
pour in junk on the 2nd MX which often has no knowledge of the existing
mailboxes is rendered useless without me having to set up LDAP or the like.

The dark side: while checking for existing recipients the spam filtering
machine _will_ produce errors on bad mail. Will it get punished?

If you are talking about individual proxied TCP connections, only each individual connection gets 'punished'. Courier will tarpit whichever TCP connection is causing errors; other concurrent TCP connections -- even from the same host -- are unaffected.

However there are other negative reasons for this setup. One of the available defenses is an overall per-IP address (or /24 netblock) connection limit. This normally prevents a hostile attacker from flooding your server with thousands of connections and keeping it from accepting mail from anyone else. This works hand in hand with tarpitting; a hostile attacker is confined to a limited number of connections, all others in excess are dropped, and the remaining connections are tarpitted at the first sign of trouble.

But since you are proxying all your incoming connections through the same IP address this defense mechanism is unavailable -- since all connections originate from the same IP address as far as Courier is concerned, and there is no way to discriminate between different sending IP addresses -- and you are vulnerable to being bombed, unless your proxy has the ability to restrict the maximum number of open connections from the same source that it will forward.
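The per-source limit described in the reply above, as an added example that is not part of the original message and is not Courier's or ASSP's code: a limiter keyed on the client's /24 netblock, run once with the real client addresses visible (as the proxy sees them) and once with every connection arriving from the proxy's single address (as the mail server sees them). The class name, the limit of 4, the proxy address and the sample peers are all assumptions constructed for the illustration.

```python
import ipaddress
from collections import Counter

class SourceLimiter:
    """Caps concurrent open connections per source netblock (hypothetical helper)."""
    def __init__(self, max_per_block=4, v4_prefix=24, v6_prefix=64):
        self.max_per_block = max_per_block
        self.v4_prefix, self.v6_prefix = v4_prefix, v6_prefix
        self.open = Counter()          # netblock -> currently open connections

    def block_of(self, addr):
        ip = ipaddress.ip_address(addr)
        prefix = self.v4_prefix if ip.version == 4 else self.v6_prefix
        return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

    def acquire(self, addr):
        """True: forward the connection. False: drop it, the block is at its cap."""
        block = self.block_of(addr)
        if self.open[block] >= self.max_per_block:
            return False
        self.open[block] += 1
        return True

    def release(self, addr):
        """Call when a forwarded connection closes."""
        block = self.block_of(addr)
        if self.open[block] > 1:
            self.open[block] -= 1
        else:
            self.open.pop(block, None)

# Constructed sample (documentation address ranges): one sender holding 20
# connections open, followed by two ordinary senders.
NOISY = ["203.0.113.7"] * 20
NORMAL = ["198.51.100.10", "192.0.2.25"]
PROXY = "10.0.0.5"   # assumed address of the filtering proxy as the mail server sees it

def limit_at_proxy():
    """Limiter sees true client addresses: the noisy block is capped, others get in."""
    lim, accepted = SourceLimiter(), Counter()
    for peer in NOISY + NORMAL:
        if lim.acquire(peer):
            accepted[peer] += 1
    return accepted

def limit_behind_proxy():
    """Limiter sees only PROXY: the noisy sender uses up the one shared quota."""
    lim = SourceLimiter()
    return [lim.acquire(PROXY) for _ in NOISY + NORMAL]
```

In the second case the last two results, which correspond to the ordinary senders, are refused; raising the cap to let them in removes the protection against the noisy sender as well.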


courier-users mailing list