Spam fritters

Author: Nigel Metheringham
Date:
To: Philip Hazel
Cc: exim-users
Subject: Spam fritters

[Peering out of war torn bunker... bleary eyed!]
We have had the dubious privilege of being spammed/mailbombed this
weekend. At one point a multi-GB disk spool partition went from
6% to 111% full within half an hour, as a thousand recipient message
wandered round and was replied to! To add insult to injury the
messages had the full recipient list in the headers - 1000*100byte
email addresses makes the message >100K before you start!

So, some pertinent suggestions for exim:-

1. General filtering based on general message attributes.
I want the ability to have exim freeze a message that comes in and
meets a particular set of criteria.
Specifically I'd like to be able to freeze messages with more than n
recipients, or maybe more than x total bandwidth (where bandwidth is
here defined as ((# recipients) * (message size))).
The messages are then left for the postmaster to deal with.

2. Ability to put exim into refuse mode.
This can be done by killing the SMTP listeners, but the ability to
tell the daemon to either refuse connections, or to give them a
status that tells them to push off!

Other points....
I don't want to start a flame war, and before Dan bursts in I am
going to put together a more cogent proposal to the qmail list on
this, so please give me a bit of time to make sensible comments :-).
However while adding something like a max recipients (or even max
recipients on this host) helps out the problem of being mailbombed
on an exim machine dramatically, if someone passes the messages via a
qmail machine, where the message then gets passed on to us as n smtp
streams, we are still sunk!! However we *do* sink more slowly since
I only have 10MB incoming SMTP bandwidth and the slowest link between
us and them will slow things down even more. Still, sink fast or slow,
you still need to control the situation! [Yesterday we must have hit
100MB/s bandwidth use within the machine for mail!].

There is a problem here with all mail systems currently in use - a
message to n recipients ends up with n copies on disk!

Cogent comments on this welcomed. Suggestions of what we do to the
people who started this probably cannot compete with our own
suggestions.... and kudos to Enterprise who were very helpful
(although the customer of theirs that helped keep the spam fritters
frying up might not agree).

    Nigel.


-- 
[ Nigel.Metheringham@???   - Unix Applications Engineer ]
[ *Views expressed here are personal and not supported by PLAnet* ]
[ PLAnet Online : The White House          Tel : +44 113 251 6012 ]
[ Melbourne Street, Leeds LS2 7PS UK.      Fax : +44 113 2345656  ]
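
The freeze criteria requested in point 1 can be sketched as follows. This is an added example, not part of the original message and not exim code: `FreezePolicy`, the thresholds and the sample Message-IDs are assumptions. It also keeps running totals per Message-ID, to cover the case raised under "Other points" where a relay hands the same message over as n single-recipient SMTP streams.

```python
from collections import defaultdict

# Thresholds are assumptions for illustration; the message leaves n and x open.
MAX_RCPTS = 100                    # "more than n recipients"
MAX_BANDWIDTH = 10 * 1024 * 1024   # "more than x total bandwidth", in bytes


class FreezePolicy:
    """Hypothetical policy check (not an exim API)."""

    def __init__(self, max_rcpts=MAX_RCPTS, max_bandwidth=MAX_BANDWIDTH):
        self.max_rcpts = max_rcpts
        self.max_bandwidth = max_bandwidth
        # Running [recipients, bandwidth] per Message-ID, so a message split
        # into many single-recipient deliveries is still counted as one event.
        # Message-ID is sender-controlled, so this is a heuristic only.
        self.totals = defaultdict(lambda: [0, 0])

    def check(self, message_id, rcpt_count, size):
        """Return (action, reason) for one incoming SMTP transaction."""
        bandwidth = rcpt_count * size          # (# recipients) * (message size)
        total = self.totals[message_id]
        total[0] += rcpt_count
        total[1] += bandwidth
        if rcpt_count > self.max_rcpts:
            return "freeze", "recipients"
        if bandwidth > self.max_bandwidth:
            return "freeze", "bandwidth"
        if total[0] > self.max_rcpts:
            return "freeze", "aggregate recipients"
        if total[1] > self.max_bandwidth:
            return "freeze", "aggregate bandwidth"
        return "accept", ""


def demo():
    """Run the policy over constructed sample transactions."""
    policy = FreezePolicy()
    # One transaction carrying 1000 recipients and a 100 KB body.
    direct = policy.check("<bomb-1@example.invalid>", 1000, 100_000)
    # Few recipients, large body: caught by the bandwidth product instead.
    heavy = policy.check("<big-1@example.invalid>", 60, 200 * 1024)
    # The same message arriving as 150 single-recipient transactions.
    split = [policy.check("<bomb-2@example.invalid>", 1, 100_000)
             for _ in range(150)]
    return direct, heavy, split
```

Frozen messages are left for the postmaster, as in the proposal; the sketch only decides the action and does not touch the spool.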