Well, I have user space queueing of SMTP packets working.  Found out
my IP server had a bug: I wasn't saying NO when an IP wasn't found.
So far I have 83 IPs listed, but I'm still getting spam of course.
I don't seem to be getting quite as much spam though.  When a 
spammer gets past my partially open port, they don't always get all 
the way through fortunately.  So the amount of spam I get isn't 
directly correlated to the number of times that the spammer's IP 
address isn't listed yet.  It would be nice if I could use reliable
third party information about IP addresses I haven't seen before.
The biggest problem with the shut the door approach is knowing when 
to shut it.

I imagine Perl may have packages other than IPTables::IPv4::IPQueue 
that could be useful and potentially allow me to use remote DNS
blacklist information.  When the answer is NO from my IP server, I want
to do a DNS blacklist query to see if I should list the IP after all and
say YES of course.  In essence, this would facilitate closing the door
more often.

The goal was to implement a tarpit; I have a list-driven port closer
instead.  There's no slowing down of connection requests, I simply don't
honor them sometimes.  Not quite what I'd like to be doing.

I wonder if it would be wise when the SMTP connection request packets
are queued to do an additional check if the IP is not listed?  I'm
thinking try to do a DNS lookup and if that fails, reject.  A 
legitimate email source has to have a valid PTR record, does 
it not?  Are there any other checks along these lines that I should be
thinking about?  Can Perl scripts do DNS queries?  How long do DNS
queries take?  Do they take too long?

A thought is to get help from a Perl guru to improve my three scripts
enough that other people will want to use them.  Once multiple sites are
using the system, maybe the IP lists can be shared somehow.  The only
way to stop spam is to block the connection requests from bot nets and
other spam sources.  I want to share my scripts as an alternative to
spamcannibal.  To be a good alternative though, I need a PHP interface
possibly and really I should probably be aging the entries in the IP
list.  Also, there is an argument to use encryption for the port
connections.  I use Net::EasyTCP to connect the IP server to what I
currently call the tarpit script.

Since I queue the entire TCP connection request packet, what else
can I pull out of it for informational purposes?

_______________________________________________
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
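Added example (my own code, not the poster's three scripts or anything from IPTables::IPv4::IPQueue): a Perl sketch of the check the post proposes for an IP the server answers NO for, a DNS blacklist query followed by a PTR lookup, using Net::DNS with a bounded timeout and reporting how long the lookups took. The DNSBL zone name is a placeholder, and the function returns the reason alongside the verdict so the caller can decide how much weight a missing PTR alone deserves.

```perl
#!/usr/bin/perl
# Added example, not the poster's code.  Decide whether to "say YES" (list
# the IP and close the port) for an address the IP server does not know:
# (1) ask a DNS blacklist, (2) check that the address has a PTR record.
# Assumes Net::DNS is installed; $DNSBL_ZONE is a placeholder.
use strict;
use warnings;
use Net::DNS;
use Time::HiRes qw(time);

my $DNSBL_ZONE = 'dnsbl.example';        # placeholder: substitute a real zone
my $res = Net::DNS::Resolver->new(
    udp_timeout => 2, tcp_timeout => 2, retry => 1,   # bound the lookup time
);

# DNSBL convention: reverse the octets, prepend them to the zone, query for
# an A record.  An answer in 127.0.0.0/8 means "listed"; no answer (NXDOMAIN
# or timeout) means "not listed" as far as this zone knows.
sub dnsbl_listed {
    my ($ip) = @_;
    my @o = split /\./, $ip;
    return 0 unless @o == 4;
    my $name = join('.', reverse @o) . ".$DNSBL_ZONE";
    my $pkt  = $res->query($name, 'A') or return 0;
    for my $rr ($pkt->answer) {
        next unless $rr->type eq 'A';
        return 1 if $rr->address =~ /^127\./;
    }
    return 0;
}

# Does the address have any PTR record?  Net::DNS turns a bare IPv4 address
# into the matching in-addr.arpa name when asked for a PTR.
sub has_ptr {
    my ($ip) = @_;
    my $pkt = $res->query($ip, 'PTR') or return 0;
    return (grep { $_->type eq 'PTR' } $pkt->answer) ? 1 : 0;
}

# Returns ('YES', reason, seconds) to list the IP, else ('NO', '', seconds).
sub decide {
    my ($ip) = @_;
    my $t0 = time;
    return ('YES', "listed in $DNSBL_ZONE", time - $t0) if dnsbl_listed($ip);
    return ('YES', 'no PTR record',         time - $t0) unless has_ptr($ip);
    return ('NO', '', time - $t0);
}

my $ip = shift @ARGV or die "usage: $0 <ipv4-address>\n";
my ($verdict, $why, $secs) = decide($ip);
printf "%s => %s%s (%.3fs)\n", $ip, $verdict, ($why ? " ($why)" : ''), $secs;
```

The elapsed time printed answers the "do DNS queries take too long" question empirically for a given resolver; with the 2-second timeouts above the worst case for one address is a few seconds, which is the upper bound to compare against how long the queued SYN can be held.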
