Re: [EXIM] Exim wishlist: tar-baby / RBL / SPAM

Author: Tom
Date:  
To: Kuyper Hoffman
CC: ph10, evan, exim-users
Subject: Re: [EXIM] Exim wishlist: tar-baby / RBL / SPAM

On Tue, 2 Dec 1997, Kuyper Hoffman wrote:

> > Would it? Seems like it would avoid bombing problems. Spammers don't

...
> Granted, but it is an additional form of protection, certainly
> against DoS attacks, no?
>
> Our machine frequently takes fairly hard hits, admittedly not all of
> that is Spam, and any protection would help.


Like what? I have a mail server with a 17MB rejectlog for yesterday!
That's a hard hit.

There is tuning you can do to minimize problems. The "reserve" stuff is
good, to limit what external sites can do. You should also limit maximum
message size, and the maximum number of recipients per message.

> Anyone else have any thoughts?


Yes, a dbm based system with two databases, "from", and "to". Upon
receiving a valid SMTP "rcpt to", a counter in the "from" database is
incremented for the sender address, and a counter in the "to" database is
incremented for the recipient address.

This means the "from" database will contain the number of different
addresses a sender has sent to, and the "to" database will contain the
number of different messages a recipient has received.

If the counters in either database exceed a certain limit, return a
temporary error. Use a nice high limit that only a DoS would hit (5000
should be fine for most sites).

Simply delete the "from" and "to" databases once a day to reset the
counters.

> Cheers
> Kuyper
> -- 
> / Kuyper Hoffman            / Vox:+27.21.658.8718 O/H GMT+0200 /
> \ Kuyper@???        \ 
> /___________________________/ FAX:+27.21.683.4695 24h FAX      /
> \ SysAdmin Manager  UUNET Internet Africa         PO Box 44633 \
> / http://kave.iafrica.com/kuyper   Claremont 7735 South Africa /
> \______________________________________________________________\

>


Tom



--
*** Exim information can be found at http://www.exim.org/ ***
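
The two-database counter scheme described in the message above, as an added example that is not part of the original post and is not Exim code. The class name, the reply text, lowercasing of addresses and the decision not to count the null sender are assumptions of this sketch; the addresses in the demo are constructed.

```python
import dbm
import glob
import os
import tempfile

LIMIT = 5000  # ceiling suggested in the message


class RcptCounter:
    """Per-sender and per-recipient RCPT counters kept in two dbm files."""

    def __init__(self, directory, limit=LIMIT):
        self.paths = {n: os.path.join(directory, n) for n in ("from", "to")}
        self.limit = limit

    def _bump(self, name, address):
        # Opened per call so the daily reset can delete the files in between.
        with dbm.open(self.paths[name], "c") as db:
            key = address.strip().lower().encode()  # simplification: fold case
            count = int(db.get(key, b"0")) + 1
            db[key] = str(count).encode()
            return count

    def on_rcpt(self, sender, recipient):
        """Call once RCPT TO has been accepted as valid; returns the SMTP reply."""
        # Assumption (not in the post): bounces use the null sender "<>",
        # so counting it would throttle every delivery failure report together.
        sent = 0 if sender.strip() in ("", "<>") else self._bump("from", sender)
        received = self._bump("to", recipient)
        if sent > self.limit or received > self.limit:
            return "451 Daily recipient limit reached, try again later"
        return "250 OK"

    def reset(self):
        """Daily reset: delete both databases, whatever suffix the backend used."""
        for path in self.paths.values():
            for name in glob.glob(glob.escape(path) + "*"):
                os.remove(name)


if __name__ == "__main__":
    counters = RcptCounter(tempfile.mkdtemp(), limit=3)  # tiny limit for the demo
    for i in range(5):
        rcpt = f"user{i}@local.example"  # constructed addresses
        print(rcpt, "->", counters.on_rcpt("bulk@sender.example", rcpt))
    counters.reset()
    print("after reset ->", counters.on_rcpt("bulk@sender.example", "user0@local.example"))
```

Running `reset()` from a daily cron job gives the once-a-day behaviour; the 451 reply is temporary, so a legitimate sender that trips the limit will have its mail retried after the counters are cleared.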