On Saturday 14 April 2007 10:06, Paolo Supino wrote: > Hi Joachim > > I know that right now I'm mostly going at it in the wrong way but > I have to fix it quickly and without changing the infrastructure. I'm > not a windows or layer 7 person but rather a layer 1 to layer 4 in my > background, so I'm trying to find a solution in those layers. I work > in an environment where I'm told: Fix it without spending money ... > The webapp development was outsourced thus the developers aren't > local. Blunt objects aren't an option :-( > The legitimate email structure (subject and content) is pretty > limited and steady. Will sendmail + procmail to filter emails be a > solutions? > I will try to implement rate limiting.
Just a thought -- is it practical for you to have a white list? For example, I am wondering whether you could have a white-list table in pf and configure your openbsd firewall to allow email to go only to addresses in that white list from your app server. That may be easier and more elegant to do with OpenBSD than limiting the smtp service to connect to authorized remote servers using TCPIP settings on Windows. > > > > > > TIA > Paolo > > Joachim Schipper wrote: > > On Fri, Apr 13, 2007 at 10:17:51PM -0400, Paolo Supino wrote: > >>Hi Bob > >> > >> The webapp does talk to a real mail server: on localhost (IIS6 > >> SMTP service). When a spammers abuses the webapp the email is > >> actually sent via the local mail server and not directly from the > >> webapp to all the mail servers on the Internet. Rate limiting > >> isn't an option because emails must be out the door within a very > >> short time frame from the moment a set of events is triggered in > >> the webapp. > >> Right now the only way I can think of is limit the SMTP service > >> to connect only to authorized remote SMTP servers that I will > >> manage manually (I'm in the process of checking how often I would > >> have to change the list to see if it's feasible). You wrote that I > >> can do it with spamd, how? > >>Another option I thought of is setting up a sendmail relay on > >> another computer and let that sendmail only relay specific emails > >> according to a set of criteria (that fit only valid emails). > > > > You are going about this all wrong. First step is finding a > > suitable blunt instrument and getting the developers to fix it. The > > second step is configuring rate limiting, along the lines of '1000 > > mails/hour'; this will allow a large batch of e-mail to get through > > immediately, but stop spammers. What you're planning now is both > > less effective and way more work. > > > > Joachim > > !DSPAM:1,4620f04c203471073733319! -- Vijay Sankar ForeTell Technologies Limited 59 Flamingo Avenue, Winnipeg, MB, Canada R3J 0X6 Phone: +1 (204) 885-9535, E-Mail: [EMAIL PROTECTED]
