
Re: blacklists



On Thu, Dec 09, 2004 at 11:18:16PM -0700, Michael Loftis wrote:
> --On Friday, December 10, 2004 16:43 +1100 Craig Sanders
> <cas@taz.net.au> wrote:
>
> >DoS is a huge exaggeration. a few smtpd processes waiting to timeout
> >does not constitute a DoS. neither does a few dozen.
>
> I had about 800 waiting around in just a few minutes on the one server
> I began testing it on, but this is a large installation. And this
> isn't peak time...It's holding at around 1000 blocked hosts, most of
> them for blacklist infractions.

i certainly wouldn't recommend running it on a large installation. i'm
surprised you even tried.

i run it on my home system at the moment. i wouldn't run it at work.

i experiment with lots of things on my home system that i wouldn't even
think of doing at work. some of them, very few, actually turn out to be
worthwhile and safe enough to use at work.


try dropping only SYN smtp packets if you still want to experiment with
it, adding "--syn" to the end of the iptables args in the scripts. that
should stop the hanging processes.

> But when you've got a lot of mail (and a number of customer domains
> that just tend to attract junk) it's easy to get a lot of processes
> hanging around.

unfortunately, my domain seems to attract a lot of junk. i've had my
domain for over 10 years, and kept the same email address all along.
and i've been joe-jobbed many times over the last decade by spammers
who don't like me (or my anti-spam methods, or the fact that i share
them openly), and i've had thousands of bogus, non-existent addresses in
my domain added to spam lists also by spammers who don't like me. the
current crop of spammers probably don't even notice or care, but in the
early days of spam it was different. spammers got very offended and took
it personally...which, of course, was excellent incentive to keep on
blocking them :)

i pissed off quite a few in the very early days, when spammers didn't
hide their identities and hadn't yet learned not to use their own
address. one of the things i wrote was a script which i could bounce
spam to. it would then parse the sender addresses and add them to a
database of spammers....and send copies of each spam to a random subset
of the database. that infuriated them and amused me no end. my intention
was to annoy them at least as much as their MMF or green card or
whatever spam had annoyed me. unfortunately that stopped being a viable
tactic fairly quickly, and it certainly wouldn't scale to anything like
the spam load of today (back then 1 or 2 spams every few days was a lot.
now i wouldn't even notice it).

craig

ps: anyone know if MMF spams still happen? i haven't seen one for years.  could
be my body checks rules block them all, or maybe they've just given up since
419 scams are more lucrative.

-- 
craig sanders <cas@taz.net.au>           (part time cyborg)


