What is done through the ckuser patch, is what all other e-mail systems (escluding native qmail) all do usually.
So, this is a general problem for all e-mail systems.
Ciao,
Tonino
At 01/09/03 01/09/03 -0500, [EMAIL PROTECTED] wrote:
Just thinking out loud.....
The approach of tarpitting is to slow down the attacker without impacting your network or requiring additional resources on your end to deal with the cracker. I *think* it does this by analyzing the volume of incoming SMTP requests from the same host.
The approach of chkuser is to reduce the amount of incoming messages by denying unknown recipients before the message Data is transmitted.
I would hate to see an expanded chkuser that requires extensive database activity to log/monitor/tarpit the username requests. That's throwing more resources at a problem....
I think its entirely appropriate to respond VERY slowly to an unknown username request. HOWEVER, if I suddenly have a shortage of SMTPD daemons because they are left open to service the "chkuser tarpit", and that hurts my email service quality, then I haven't gained anything. I would rather be fast at dumping chkuser denials and let them guess.
I guess if there was a child daemon that could handle ALL of the chkuser tarpits (instead of keeping an SMTPD open) then we might have something really great.
Sorry if I'm being too utopian, or too vague. Just trying to contribute. D.
> > I thought of this initially, but then I forgot because of the general gain > this patch gives. > > We could introduce a delay for each not existing user, or a limit for the > maximum number of "rcpt to". But for a massive hacker, that could not be a > problem. > > I'm thinking of a more sophisticated code, but I surely would need of a > database where to record every attempt. > > Let me know general opinions, > > Tonino > > At 01/09/03 01/09/03 -0700, Brad Dameron wrote: >>Speaking of this patch. I think there is a potential of people being able >>to harvest e-mail accounts using a dictionary, etc. They can connect up >>and just validate e-mail addresses with this patch to determine if they >>are valid or not. This could be a spammers dream come true. I have seen >>this occur on sendmail servers. >> >>Brad >>----- Original Message ----- >>From: <mailto:[EMAIL PROTECTED]>Shane Chrisp >> >>Tonino, >> >> Thanks for the reply. That has fixed the problem. Compiles now, and it >> works still with >>the mysql backend. >> >>cheers >> >>Shane >> > > > ------------------------------------------------------------ > [EMAIL PROTECTED] Interazioni di Antonio Nati > http://www.interazioni.it [EMAIL PROTECTED] > ------------------------------------------------------------ >
------------------------------------------------------------
[EMAIL PROTECTED] Interazioni di Antonio Nati
http://www.interazioni.it [EMAIL PROTECTED]
------------------------------------------------------------