From: Michel B. <mi...@bo...> - 2005-05-17 07:15:58
Klaus Alexander Seistrup wrote:
> On 17/05/05, Michel Bouissou <mi...@bo...> wrote:
>
>> 1/ When a new entry should be added to the connect table;
>>
>> 2/ BUT there are already more than "n" (a configurable number, default
>> 10 ?) entries in connect from the same SRC (messages that were not yet
>> correctly resent);
>>
>> 3/ THEN do NOT add the new entry to connect, but instead reject with
>> "450 Incoming rate too high, try again later".
>
> Then a culprit will be able to prevent legitimate email originating from
> the same IP address, won't he?

This won't happen if the considered IP only hosts one machine which is a
"normal" mailserver which retries all the messages that it has in queue.

This could possibly happen if this IP has a NATted LAN behind it, hosting
both a legitimate mailserver and spam/virus sources, in which case it is
this network's admin job to make sure that his network doesn't pollute the
whole earth with junk.

Even in this situation, already known "good" addresses that have already
made it to from_awl or domain_awl wouldn't be blocked, only new connections.

I believe the idea is good ;-) and easy to implement (doesn't need
supplementary tables, only one more SELECT count(*)), but as the threshold
should be controlled by a user-settable parameter, the feature should be
optional as well (parameter =0 ?).

Cheers.

-- 
Michel Bouissou <mi...@bo...> OpenPGP ID 0xDDE8AC6E
Appel de 200 Informaticiens pour le NON au Traité Constitutionnel Européen:
http://www.200informaticiens.ras.eu.org
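
The per-source limit discussed in this message, as an added example that is not part of the original post or the project's code. Only the table names connect, from_awl and domain_awl and the 450 reply come from the message; the column layout, the 451 greylisting reply, the `check` function and the sample addresses are assumptions, and the greylisting retry delay is not modelled.

```python
import sqlite3

REJECT = "450 Incoming rate too high, try again later"  # reply text from the message
GREYLIST = "451 Greylisted, try again later"            # assumed wording
ACCEPT = "250 OK"

def open_db():
    # Table names come from the message; the columns are assumed and simplified.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE connect    (sender TEXT, rcpt TEXT, src TEXT);
        CREATE TABLE from_awl   (sender TEXT, src TEXT);
        CREATE TABLE domain_awl (domain TEXT, src TEXT);
    """)
    return db

def check(db, sender, rcpt, src, max_pending=10):
    """Decide the SMTP reply for one delivery attempt (retry delay not modelled)."""
    one = lambda sql, *args: db.execute(sql, args).fetchone()
    domain = sender.rpartition("@")[2]
    # Addresses already in either auto-whitelist are never rate limited.
    if one("SELECT 1 FROM from_awl WHERE sender=? AND src=?", sender, src) or \
       one("SELECT 1 FROM domain_awl WHERE domain=? AND src=?", domain, src):
        return ACCEPT
    # A retry of a pending triplet passes greylisting and frees its connect entry.
    if one("SELECT 1 FROM connect WHERE sender=? AND rcpt=? AND src=?", sender, rcpt, src):
        db.execute("DELETE FROM connect WHERE sender=? AND rcpt=? AND src=?",
                   (sender, rcpt, src))
        db.execute("INSERT INTO from_awl VALUES (?, ?)", (sender, src))
        return ACCEPT
    # The proposed extra query: pending (never retried) entries from this source.
    pending = one("SELECT count(*) FROM connect WHERE src=?", src)[0]
    if max_pending and pending > max_pending:   # max_pending == 0 disables the limit
        return REJECT
    db.execute("INSERT INTO connect VALUES (?, ?, ?)", (sender, rcpt, src))
    return GREYLIST

if __name__ == "__main__":
    db = open_db()
    for i in range(5):  # constructed senders behind one documentation-range IP
        print(i, check(db, f"user{i}@example.net", "bob@example.org", "192.0.2.7", 2))
```

A source that retries moves its entries out of connect, so its pending count drops and new senders from the same address are greylisted normally again.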