> A spammer can certainly open several simultaneous connections to an SMTP server, which is easily accommodated by enabling TarProxy to limit the number of simultaneous connections from any given address.
With which MTAs can you limit the number of connections by source address? How?
> It's been mentioned on the list already but I think it's appropriate to note here that open relays will NOT modify their software to increase the number of simultaneous connections they make. Since open relays are most likely the bulk of the problem (I'd love to see numbers that can substantiate or refute this), TarProxy might have significant impact.
Very few open relays exist any more. See <http://www.imc.org/ube-relay.html>. Since August 2002, less than 1% of the tested servers are open.
Now, one concept that I've been rolling around in my head is somehow using tarproxy (or something like it) to temporarily refuse to accept a mail message, for a given period of time (e.g., a day or three). Not only do you slow down their connection to the maximum allowed by the spec, but you go so far as to make them keep the message until you're ready to finally allow it through a few days later.
Spammers won't bother to queue the message on disk, and they'll just throw it away. Any relays that they pay for will have some serious disk space & disk I/O capacity issues.
Any false positives should ultimately make it through the system, even if they are significantly delayed -- unless they're being sent from a mail system that has a maximum queue delay of less than the period of time where you'd be tempfailing them, in which case they need to get a better mail server.
In essence, this just extends tarproxy to the logical conclusion -- not only do we delay their connection by several minutes, we delay the message itself by hours or days.
-- Brad Knowles, <[EMAIL PROTECTED]>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
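The delayed-acceptance idea in the message above, sketched as an added example (not code from the post or from TarProxy): a policy that tempfails a message until a hold period has elapsed since it was first offered, plus a simulated sender showing who gets through. The per-(client IP, sender, recipient) key, the two-day hold, the 451 reply text and all names and addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

HOLD_SECONDS = 2 * 24 * 3600  # assumed hold period, within "a day or three"


@dataclass
class HoldPolicy:
    """Tempfail a message until hold_seconds have passed since its first attempt."""
    hold_seconds: int = HOLD_SECONDS
    first_seen: dict = field(default_factory=dict)  # key -> time of first attempt

    def decide(self, client_ip, mail_from, rcpt_to, now):
        # Assumption: a message is identified by (client IP, sender, recipient).
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        start = self.first_seen.setdefault(key, now)
        if now - start < self.hold_seconds:
            # 4xx is a temporary failure: a queueing MTA keeps the message and retries.
            return 451, "4.7.1 Please try again later"
        return 250, "2.0.0 OK"


def simulate_sender(policy, triplet, retry_interval, max_queue_lifetime):
    """Return seconds until the message is accepted, or None if the sender
    stops retrying (discards or bounces the message) before the hold ends."""
    if retry_interval <= 0:
        raise ValueError("retry_interval must be positive")
    t = 0
    while t <= max_queue_lifetime:
        code, _ = policy.decide(*triplet, now=t)
        if code == 250:
            return t
        t += retry_interval
    return None


if __name__ == "__main__":
    # Constructed sample senders (documentation address ranges and domains).
    hour, day = 3600, 24 * 3600
    senders = {
        "queueing MTA, 5-day queue": (("192.0.2.10", "a@example.org", "u@example.net"), hour, 5 * day),
        "MTA with 1-day queue": (("192.0.2.20", "b@example.org", "u@example.net"), hour, 1 * day),
        "fire-and-forget sender": (("192.0.2.30", "c@example.org", "u@example.net"), hour, 0),
    }
    policy = HoldPolicy()
    for name, (triplet, interval, lifetime) in senders.items():
        print(name, "->", simulate_sender(policy, triplet, interval, lifetime))
```

The second sender is the false-positive case the message describes: its queue lifetime is shorter than the hold period, so its mail never arrives.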
