I have had to deal with these types of spammers (using dynamic ADSL connections, using compromised hosts) and it's simply impossible to block them via manual blacklists. People like Spamhaus etc. don't move fast enough to block them either.
This really slows down our mailservers (severe dictionary attack). Is there a way to rate-limit the # of connections allowed from certain IPs?

I am thinking of doing it in Linux, to wit:

1) collect maillog for several days/weeks/months
2) sort out the people who connect to us most (e.g. in my case 20% of our mail traffic comes from Yahoo and Hotmail blocks)
3) make a list of these "people who connect.."

then.. set up a Hierarchical Token Bucket queueing discipline. Have one pipe, call it :1 with say 10Mbit capacity. Make another pipe, call it :2 with say 128kbit capacity. If traffic comes in on one of the "listed" IP blocks which we know, use iptables mangle rule to send it to the :1 pipe. If traffic is unknown (not listed) mangle it to send it to the :2 pipe.

This has the effect of drastically slowing down the delivery of all mail which we don't "know" -- all the unknown senders, and all the spammers, see us as behind a very slow link.

This will work for me, because Linux supports all this functionality. Also it happens on the network level, so DoS of the SMTP server becomes a lot harder. However, I was curious as to whether this is doable some other way.

You'll note that this scheme is similar to a draconian "white-list" where we only accept from whitelisted hosts and IP blocks. However it doesn't block unknown traffic outright, it just slows it down severely.

---
Orlando Andico <[EMAIL PROTECTED]>
Mosaic Communications, Inc.
--
Philippine Linux Users' Group (PLUG) Mailing List
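The two-pipe scheme described in the post, as an added example that is not part of the original message: a script that reads the list of known sender blocks and prints the matching `tc` and `iptables` commands without running them. It assumes the Linux box is a router in front of the mail server (HTB shapes packets leaving an interface); the interface name `eth1`, the mark values 1 and 2, and the sample address blocks are constructed for illustration.

```shell
#!/bin/sh
# Added example: generates the rules for review; it does not apply them.
# Assumption: this host forwards SMTP to the mail server through LAN_IF,
# so shaping LAN_IF egress throttles inbound mail before it reaches the MTA.

FAST_RATE=10mbit    # pipe :1 in the post (known senders)
SLOW_RATE=128kbit   # pipe :2 in the post (everyone else)

# is_cidr ADDR: syntactic check for an IPv4 address or CIDR block.
# Octet values are not range-checked; iptables rejects impossible ones.
is_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# emit_rules IFACE: reads "block [comment...]" lines on stdin, prints commands.
emit_rules() {
    dev=$1
    # Unmarked (non-SMTP) traffic falls into class 1:1 via "default 1".
    echo "tc qdisc add dev $dev root handle 1: htb default 1"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate $FAST_RATE"
    echo "tc class add dev $dev parent 1: classid 1:2 htb rate $SLOW_RATE"
    # fw filters map the firewall mark set by iptables to an HTB class.
    echo "tc filter add dev $dev parent 1: protocol ip prio 1 handle 1 fw flowid 1:1"
    echo "tc filter add dev $dev parent 1: protocol ip prio 1 handle 2 fw flowid 1:2"
    # MARK does not stop rule traversal: mark all SMTP as unknown first,
    # then let the per-block rules below overwrite the mark for known senders.
    echo "iptables -t mangle -A FORWARD -o $dev -p tcp --dport 25 -j MARK --set-mark 2"
    while read -r block _rest; do
        case $block in ''|'#'*) continue ;; esac
        if is_cidr "$block"; then
            echo "iptables -t mangle -A FORWARD -o $dev -p tcp --dport 25 -s $block -j MARK --set-mark 1"
        else
            echo "skipping invalid entry: $block" >&2
        fi
    done
}

# Constructed sample of the step-3 list (documentation address ranges).
sample_list() {
    cat <<'EOF'
# block            note
192.0.2.0/24       frequent legitimate sender A
bogus-entry
198.51.100.0/24    frequent legitimate sender B
EOF
}

sample_list | emit_rules eth1
```

Review the printed commands before piping them to a root shell; a malformed list entry is reported on stderr and skipped, so that sender stays in the slow class.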
