From: Michel B. <mi...@bo...> - 2005-05-17 07:51:20
Klaus Alexander Seistrup wrote:
> On 17/05/05, Michel Bouissou <mi...@bo...> wrote:
>
>>> Then a culprit will be able to prevent legitimate email originating
>>> from the same IP address, won't he?
>>
>> This won't happen if the considered IP only hosts one machine which is
>> a "normal" mailserver which retries all the messages that it has in
>> queue.
>>
>> This could possibly happen if this IP has a NATted LAN behind it,
>> hosting both a legitimate mailserver and spam/virus sources, in which
>> case it is this network's admin job to make sure that his network
>> doesn't pollute the whole earth with junk. Even in this situation,
>> already known "good" addresses that have already made it to from_awl or
>> domain_awl wouldn't be blocked, only new connections.
>
> It could happen if the Good Sender and the Evil Sender are both using the
> mail gateway of the same ISP. And if Good Sender is not already in *_awl
> his mail could be blocked by Evil Sender's DoS'ing.
>
> I would like to be able to disable the feature in SQLgrey's config file.

I don't think so. Most of the times, the "legitimate" domains often coming
from this ISP's mailserver will have reached the domain_awl long ago, so
no messages coming from the couple IP/domain won't be greylisted anymore.

If the "Evil Sender" abuses the ISP's mail gateway during a certain period
(and viruses and spambots usually don't work this way, they don't send
thru ISP mailservers), then it may only cause a delay for other "unknown"
messages coming from this ISP's mailserver (and not using the ISP main
"from" domains), for the duration of the abuse.

Anyway, as the ISP's mailserver is supposed to retry normally, the
messages sent thru it, good or evil, will make it thru, only slower, which
has the advantage of leaving time for other anti-spam tools (blacklists,
DSPAM, Razor, DCC...) to learn this spam and be able to block it with
better chances.

I believe that problems are very unlikely to happen, but anyway I agree
that the feature should be optional (n=0: don't use).

-- 
Michel Bouissou <mi...@bo...> OpenPGP ID 0xDDE8AC6E
Appeal by 200 IT professionals for a NO to the European Constitutional Treaty:
http://www.200informaticiens.ras.eu.org