RE: greetpause was Re: xxxl spam
On Tuesday, April 11, 2006 1:37 PM -0700 [EMAIL PROTECTED] wrote: Agreed. Spammers have access to all the free CPU bandwidth and processing time they can steal - legitimate MTAs are limited to a budget. Any anti-spam solution that simply rewards CPU and bandwidth spent* is playing into the hands of the spammers. The original concern was that spammers would use larger messages to avoid the size cutoff in SA, but this was countered because spammers have to reduce their message rate to send larger messages. Server-side, GreetPause (and greylisting) forces a client to reduce its message rate. If the client has unlimited bandwidth and doesn't care about the reduced message rate, it might as well shovel giant messages. In for a penny, in for a pound.
RE: greetpause was Re: xxxl spam
mouss wrote: > so greetpause will certainly stop some ratware spam, but is not a > "full" solution. Agreed. Spammers have access to all the free CPU bandwidth and processing time they can steal - legitimate MTAs are limited to a budget. Any anti-spam solution that simply rewards CPU and bandwidth spent* is playing into the hands of the spammers. * Email stamps, "factor this product of large primes" challanges, greetpause -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer
Re: greetpause was Re: xxxl spam
Mike Jackson wrote: You can also impose this cost on spammers by enabling the GreetPause feature in the more recent versions of sendmail. This tells sendmail not to answer right away when receiving a connection, and to drop the connection if anything is received before the greeting is sent out. This punishes "slammer" spammers who push the whole SMTP conversation through and then disconnect. It also ensures that every connection from an unknown sender takes a minimum amount of time. You can add exceptions in your access database for your customers and frequent correspondents. For example, this exception drops the GreetPause to zero for my LAN (example is for 10.123/16): GreetPause:10.123 0 Is this as effective as greylisting? Perhaps not, but it also doesn't have any of the drawbacks (ie, delayed mail, need to whitelist non-behaving servers, etc.). I recently enabled it on my servers, and it's been stopping a ton of mail without any complaints from legitimate senders. greetpause only blocks some ratware spam. If I was to write spam and/or viruses, I would just add a sleep(x): given N victims, choose M among them: for i=0; iso greetpause will certainly stop some ratware spam, but is not a "full" solution. also, if your greetpause requires sleep()-ing on every connection, then it's not acceptable (for me) as this is a call for DoS. I am not aware of any async MTA [read: one that will not sleep, but will handle other connections in the meantime], at least in the open source world. If you are after "miscreants", then partial-greylisting is probably more effective (I mean greylisting some of the connections, based on the client name, ip, behaviour, ... etc).
Re: greetpause was Re: xxxl spam
You can also impose this cost on spammers by enabling the GreetPause feature in the more recent versions of sendmail. This tells sendmail not to answer right away when receiving a connection, and to drop the connection if anything is received before the greeting is sent out. This punishes "slammer" spammers who push the whole SMTP conversation through and then disconnect. It also ensures that every connection from an unknown sender takes a minimum amount of time. You can add exceptions in your access database for your customers and frequent correspondents. For example, this exception drops the GreetPause to zero for my LAN (example is for 10.123/16): GreetPause:10.123 0 Is this as effective as greylisting? Perhaps not, but it also doesn't have any of the drawbacks (ie, delayed mail, need to whitelist non-behaving servers, etc.). I recently enabled it on my servers, and it's been stopping a ton of mail without any complaints from legitimate senders.
greetpause was Re: xxxl spam
Kenneth Porter wrote: > You can also impose this cost on spammers by enabling the GreetPause > feature in the more recent versions of sendmail. This tells sendmail not > to answer right away when receiving a connection, and to drop the > connection if anything is received before the greeting is sent out. This > punishes "slammer" spammers who push the whole SMTP conversation through > and then disconnect. It also ensures that every connection from an > unknown sender takes a minimum amount of time. You can add exceptions in > your access database for your customers and frequent correspondents. For > example, this exception drops the GreetPause to zero for my LAN (example > is for 10.123/16): > > GreetPause:10.123 0 Is this as effective as greylisting? -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239
