Autor: Marc Perkel Data: Para: exim-users Asunto: Re: [Exim] Idea to slow down spammers
Just a quick thought on the method for slowing down spammers.
Supposed you had a secondart MX record pointing to a second IP address
on the same machine. Then on the regular IP you just block them when
they try to connect. So then when they roll over to the second IP they
get a different Exim that is not a daemon - but invoked through xinetd.
Xinetd has rate limiting in it (as I remember) that can make the server
look like it's running on a 300 baud modem. Thus the spammer will be slowed.
As to how slow - if this trick became common the idea is that there
would be tens of thousands of servers out there configured to slow these
spam servers down. So - you would have to slow them down for hours -
just something that was say 30 cps or so would be good enough.
Spammers count on speed. The have to deliver spam as fast as they can.
So - in theory - if I slow a spam delivery down by a factor of 10 to 1
then 9 other people don't get spammed. A regular normal email server
isn't that busy so if an email hits a slow connection by mistake - the
non-spam is delivered - just delayed a bit.
And - I would even post to a public list that I do this so that spammers
would blacklist my side as a slow site and not try to spam me.
Anyhow - this is an idea that's still in the raw. It may or may not pan
out - but I thought that maybe other might have some thoughts on this. I
do want some kind of strategy that strikes back. And one thing I believe
would hurt spammers and not hurt normal mail servers if to slow them
down - a lot.
I remember this trick was used to slow down the spread of the Code Red
virus. There was an Apache trick that when it saw a Code Red request it
would just go really slow and trap the virus there. I wonder if spam can
be attacked in a similar manner?