> > Yes Sam!
> > That is exactly the point which hurts.
> > Being a proxy ASSP "tunnels" the connection from the sending mail
> > server to my receiving Courier. Courier does the ESMTP dialog.
> >
> > The bright side: if I set up all MXs as ASSP filters then all MXs will
> > check with the mailbox server if the recipient exists and spammers'
> > strategy to pour in junk on the 2nd MX which often has no knowledge of
> > the existing mailboxes is rendered useless without me having to set up
> > LDAP or the like.
> >
> > The dark side: while checking for existing recipients the spam
> > filtering machine _will_ produce errors on bad mail. Will it get punished?
>
> If you are talking about individual proxied TCP connections, only each
> individual connection gets 'punished'. Courier will tarpit whichever
> TCP connection is causing errors; other concurrent TCP connections --
> even from the same host -- are unaffected.
>
> However there are other negative reasons for this setup. One of the
> available defenses is an overall per-IP address (or /24 netblock)
> connection limit. This normally prevents a hostile attacker from
> flooding your server with thousands of connections and keeping it from
> accepting mail from anyone else. This works hand in hand with
> tarpitting; a hostile attacker is confined to a limited number of
> connections, all others in excess are dropped, and the remaining
> connections are tarpitted at the first sign of trouble.

That is true, but ASSP has its own setting for limiting simultaneous
connections from the same IP.

> connections originate from the same IP address as far as Courier is
> concerned, and there is no way to discriminate between different
> sending IP addresses -- and you are vulnerable to being bombed, unless
> your proxy has the ability to restrict the maximum number of open
> connections from the same source that it will forward.

Apart from flooding, does the proxying through the same IP mean Courier
will learn the IP "in the middle" as bad?

Still curious
Dirk Kulmsee

_______________________________________________
courier-users mailing list
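
The connection-limit point discussed in this thread, modelled as an added example (not part of the thread, and not code from Courier or ASSP): a per-source connection limiter is run for direct delivery, for delivery through a proxy with no cap, and for a proxy that caps connections per real sender. The class and function names, the IP addresses, the limits and the "connections stay open" behaviour are all assumptions made for the illustration.

```python
import ipaddress
from collections import Counter

class ConnLimiter:
    """Caps concurrent connections per source IP, or per /24 if netblock=True."""
    def __init__(self, limit, netblock=False):
        self.limit, self.netblock, self.open = limit, netblock, Counter()

    def key(self, ip):
        if self.netblock:
            return str(ipaddress.ip_network(f"{ip}/24", strict=False))
        return ip

    def accept(self, ip):
        k = self.key(ip)
        if self.open[k] >= self.limit:
            return False          # over the cap: connection is dropped
        self.open[k] += 1         # assumed: the sender holds the connection open
        return True

def simulate(arrivals, backend_limit, proxy_ip=None, proxy_limit=None):
    """Return {real sender IP: connections that reached the mail server}.

    arrivals     ordered list of real sender IPs, one entry per connection
    proxy_ip     if set, the mail server sees every connection as this peer
    proxy_limit  per-sender cap enforced on the proxy (None = proxy has no cap)
    """
    backend = ConnLimiter(backend_limit)
    proxy = ConnLimiter(proxy_limit) if proxy_limit is not None else None
    reached = Counter()
    for src in arrivals:
        if proxy is not None and not proxy.accept(src):
            continue              # refused at the proxy, never forwarded
        peer = proxy_ip if proxy_ip else src
        if backend.accept(peer):  # the mail server can only key on the peer it sees
            reached[src] += 1
    return dict(reached)

# Constructed traffic: one flooding host, then two ordinary senders.
FLOODER, LEGIT_A, LEGIT_B = "203.0.113.7", "198.51.100.10", "192.0.2.25"
ARRIVALS = [FLOODER] * 20 + [LEGIT_A, LEGIT_B]
PROXY = "10.0.0.5"  # constructed address of the filtering proxy

if __name__ == "__main__":
    print("direct:            ", simulate(ARRIVALS, 4))
    print("proxied, no cap:   ", simulate(ARRIVALS, 4, proxy_ip=PROXY))
    print("proxied, proxy cap:", simulate(ARRIVALS, 4, proxy_ip=PROXY, proxy_limit=2))
```

In the uncapped proxy case the flooding host fills the single bucket the mail server keeps for the proxy address, so the two ordinary senders are refused; with the cap applied on the proxy they get through.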
