Re: [exim] Caching Spammers to Speed Processing

Author: Richard Clayton
To: Marc Perkel
CC: Exim Users Mailing List
Subject: Re: [exim] Caching Spammers to Speed Processing
In message <42112CC2.7010105@???>, Marc Perkel <marc@???>

>After the first spam to 3 or more people I add the IP address of the
>host to a list. That list returns DEFER when the host reconnects to send
>more spam. Every hour - I empty the list. The idea being that just in
>case there are non-spammers on that host then they only get delayed an
>hour rather than rejected.

So if $LARGE_ISP$ has a handful of compromised customers sending spam
through their "smarthost" you will, in practice, never reply anything
other than DEFER to any customer of $LARGE_ISP$ -- except for the short
period every hour when none of the bad email is at the front of the
backlog queue that $LARGE_ISP$ has waiting to send you.

In order to simulate quite how bad this will be, I suggest that you
assume that $LARGE_ISP$ will typically have about one compromised
customer per 10,000 users, but they are sending you anything up to
5,000 times the volume of any individual customer. Given that 1% of
$LARGE_ISP$'s customers send you email in any given hour you can now
calculate how big $LARGE_ISP$ needs to be before you never hear from
them again...

>So - anyone have any thoughts on this idea? And interest? So far the
>code to do this is really simple.

should be simple to skip out then :)

-- 
richard                                              Richard Clayton

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin
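
The simulation suggested in the reply above, as an added example that is not part of either poster's message: it replays the hourly-flushed DEFER list against one shared smarthost IP, using the reply's figures (1 compromised customer per 10,000, 1% of customers sending per hour, 5,000 times the individual volume). The function name, the one-message-per-sender rate, the oldest-first retry order and the rule that every spam reaches 3 or more recipients are assumptions made for this example.

```python
import random
from collections import deque

def simulate_smarthost(customers, hours=24, seed=1,
                       compromised_ratio=1 / 10_000,
                       sender_share=0.01, spam_multiplier=5_000):
    """Replay the hourly-flushed DEFER list against one smarthost IP.

    Assumptions added for this example (not stated in the thread): each
    sending customer submits one message per hour, every spam reaches 3+
    recipients, and the smarthost retries its queue oldest-first.
    """
    rng = random.Random(seed)
    legit_per_hour = round(customers * sender_share)
    # A compromised account sends spam_multiplier times the average customer.
    spam_per_hour = round(customers * compromised_ratio
                          * spam_multiplier * sender_share)
    queue = deque()      # smarthost backlog: True = spam, False = legitimate
    accepted_legit = 0
    for _ in range(hours):
        fresh = [True] * spam_per_hour + [False] * legit_per_hour
        rng.shuffle(fresh)
        queue.extend(fresh)
        # The list was just emptied: mail is accepted until the first spam
        # arrives and puts the IP back on the list.
        while queue:
            if queue.popleft():
                break    # spam received, IP listed again
            accepted_legit += 1
        # Everything still queued gets DEFER until the next hourly flush.
    backlog_legit = sum(1 for is_spam in queue if not is_spam)
    return {"legit_sent": legit_per_hour * hours,
            "legit_accepted": accepted_legit,
            "legit_backlog": backlog_legit,
            "spam_per_hour": spam_per_hour}

if __name__ == "__main__":
    for size in (10_000, 100_000, 1_000_000):
        print(size, simulate_smarthost(size))
```

Under these assumptions the legitimate-to-spam ratio in the queue is about 2:1 whatever the ISP's size, so roughly two legitimate messages are accepted per hour while the backlog grows with the customer count.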