With which MTAs can you limit the number of connections by source address? How?
TarProxy will enable this via configuration files. I'm still working out the details so it's useful without too much scope creep. As it exists in my head, it will work in conjunction with whitelists to allow unlimited connections from certain addresses. Note however that in general you'll WANT TarProxy to accept as many connections from spammers/relays as possible. When too many connections are held open, some logic needs to be applied to decide which connections (if any) should be dropped.
At the TarProxy level, this is simple enough. My question was more related to the MTA -- how do you get it to do this, and how do you get TarProxy to tell it to do this?
Perhaps we could continue this in a different thread? I'm not crazy about this thread's title. :)
Done. Is this one better?
That's both interesting and encouraging, but there's a type of relaying it doesn't address - http form-mailers. Since I launched my website almost exactly a week ago, I've already had several http probes for /cgi-bin/formmail.pl. With my current vocabulary I can only categorize webservers that mail without restriction as open relays.
Okay, I can see that. I'll contact Paul Hoffman at the IMC to see if we can get them to re-run this survey, but this time include webservers in their list of machines to test.
I recently subscribed to the asrg mailing list (http://www.irtf.org/charters/asrg.html - pretty high traffic) to lurk in digest mode, and one poster suggested exactly this.
I'm not convinced that the ASRG is ever going to come of any good -- it's years late and billions of dollars short.
However, maybe I should subscribe to it as well.
<Sigh>
Like I need more legitimate e-mail overflowing my mailbox....
His implementation tempfails the first receipt of EVERY message. I was surprised when he cited only a 20% decrease in spam as a result (it's GOOD, but I thought it would be much higher).
I had heard of this kind of approach, but had not heard what the results were.
This seems to indicate that 80% of spam messages either go through some sort of relay or originate at a spammer's server that actually DOES retry. My unbacked assumption is that it's mostly the former, and as you suggest, this should have quite a dramatic impact on relays.
It's not uncommon for most spam to be sent by people (students or whatever) that use provided software that relays through their local servers, or which uses a spam relay network.
Indeed, I came up with the idea that you could do a global server load-balancing network and point it at known open relays (as kindly detected for you by ORBS or whatever), and result in a supremely large spam relay network. If you chose a different target at random for each connection, and if the load could be spread across enough machines, then the added load per machine would be almost undetectable. Nasty.
A feature like this shouldn't be terribly difficult to implement when TarProxy moves to a store-and-forward model.
I'd like to be able to have TarProxy tell sendmail (or whatever) to do this before then. It should also be able to hand off the message to Vipul's Razor (or whatever) to get a determination of whether or not it has been reported as spam, and the various other logical things.
-- Brad Knowles, <[EMAIL PROTECTED]>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
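
The tempfail-on-first-receipt approach discussed in the thread, as an added example (not part of the original messages, and not code from TarProxy or from the implementation cited). Keying on (client IP, sender, recipient), the two time constants and the sample events are assumptions made for illustration.

```python
from dataclasses import dataclass, field

MIN_RETRY_DELAY = 300        # assumed: seconds before a retry is honoured
RECORD_LIFETIME = 4 * 3600   # assumed: forget unretried attempts after this

TEMPFAIL = "451 4.7.1 Please try again later"
ACCEPT = "250 2.1.5 OK"


@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # key -> time of first attempt
    passed: set = field(default_factory=set)        # keys that retried correctly

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one RCPT TO seen at `now` (epoch seconds)."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed:
            return ACCEPT
        first = self.first_seen.get(key)
        if first is None or now - first > RECORD_LIFETIME:
            # First receipt (or a stale record): always tempfail.
            self.first_seen[key] = now
            return TEMPFAIL
        if now - first < MIN_RETRY_DELAY:
            # Immediate re-send; a queueing MTA would have backed off.
            return TEMPFAIL
        self.passed.add(key)
        del self.first_seen[key]
        return ACCEPT


# Constructed sample traffic: (time, client IP, MAIL FROM, RCPT TO)
SAMPLE = [
    (0,    "192.0.2.10",   "alice@example.org", "bob@example.net"),  # queueing MTA
    (5,    "198.51.100.7", "promo@example.com", "bob@example.net"),  # never retries
    (20,   "203.0.113.4",  "news@example.org",  "bob@example.net"),  # retries too soon
    (30,   "203.0.113.4",  "news@example.org",  "bob@example.net"),
    (900,  "192.0.2.10",   "alice@example.org", "bob@example.net"),  # proper retry
    (1000, "203.0.113.4",  "news@example.org",  "bob@example.net"),  # retry after delay
]


def replay(events):
    """Feed events through a fresh Greylist; return the reply code per event."""
    gl = Greylist()
    return [gl.check(ip, frm, to, t)[:3] for t, ip, frm, to in events]


if __name__ == "__main__":
    for event, code in zip(SAMPLE, replay(SAMPLE)):
        print(event[0], event[1], code)
```

Senders that retry after the delay get through, which is consistent with the thread's observation that tempfailing alone stops only the mail whose sender never retries.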
