On Thu, Dec 09, 2004 at 11:18:16PM -0700, Michael Loftis wrote:
> --On Friday, December 10, 2004 16:43 +1100 Craig Sanders
> <[EMAIL PROTECTED]> wrote:
>
> >DoS is a huge exaggeration. a few smtpd processes waiting to timeout
> >does not constitute a DoS. neither does a few dozen.
>
> I had about 800 waiting around in just a few minutes on the one server
> I began testing it on, but this is a large installation. And this
> isn't peak time...It's holding at around 1000 blocked hosts, most of
> them for blacklist infractions.

i certainly wouldn't recommend running it on a large installation. i'm
surprised you even tried.

i run it on my home system at the moment. i wouldn't run it at work. i
experiment with lots of things on my home system that i wouldn't even
think of doing at work. some of them, very few, actually turn out to be
worthwhile and safe enough to use at work.

try dropping only SYN smtp packets if you still want to experiment with
it, adding "--syn" to the end of the iptables args in the scripts. that
should stop the hanging processes.

> But when you've got a lot of mail (and a number of customer domains
> that just tend to attract junk) it's easy to get a lot of processes
> hanging around.

unfortunately, my domain seems to attract a lot of junk. i've had my
domain for over 10 years, and kept the same email address all along. and
i've been joe-jobbed many times over the last decade by spammers who
don't like me (or my anti-spam methods, or the fact that i share them
openly), and i've had thousands of bogus, non-existent addresses in my
domain added to spam lists, also by spammers who don't like me.

the current crop of spammers probably don't even notice or care, but in
the early days of spam it was different. spammers got very offended and
took it personally...which, of course, was excellent incentive to keep
on blocking them :)

i pissed off quite a few in the very early days, when spammers didn't
hide their identities and hadn't yet learned not to use their own
address. one of the things i wrote was a script which i could bounce
spam to. it would then parse the sender addresses and add them to a
database of spammers....and send copies of each spam to a random subset
of the database. that infuriated them and amused me no end. my intention
was to annoy them at least as much as their MMF or green card or
whatever spam had annoyed me.

unfortunately that stopped being a viable tactic fairly quickly, and it
certainly wouldn't scale to anything like the spam load of today (back
then 1 or 2 spams every few days was a lot. now i wouldn't even notice
it).

craig

ps: anyone know if MMF spams still happen? i haven't seen one for years.
could be my body checks rules block them all, or maybe they've just
given up since 419 scams are more lucrative.

--
craig sanders <[EMAIL PROTECTED]> (part time cyborg)

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
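The "--syn" suggestion in the message above is the part worth keeping from this exchange: a rule that drops every SMTP packet from a blocked host also swallows packets belonging to sessions that smtpd has already accepted, and each of those sessions then sits around until it times out, which is where the hundreds of idle processes come from. Matching only the SYN of a new connection refuses fresh connection attempts while letting in-progress sessions finish. The script below is an added example written for this page, not code from the thread or from the scripts it mentions; it assumes a hypothetical blocklist file with one IPv4 address per line (comments after `#` and blank lines are allowed) and generates the matching `iptables` commands, validating each entry rather than passing junk through to the firewall.

```shell
#!/bin/sh
# Added example, not from the original thread: emit iptables rules that
# drop only the first (SYN) packet of new SMTP connections from blocked
# hosts. Established sessions are untouched, so smtpd is not left waiting
# for a timeout on a half-dead connection.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# Print one DROP rule per valid address in the blocklist file ($1).
# Malformed entries are reported on stderr and skipped, never emitted.
smtp_syn_drop_rules() {
    blocklist="$1"
    [ -r "$blocklist" ] || { printf 'cannot read %s\n' "$blocklist" >&2; return 1; }
    while IFS= read -r line || [ -n "$line" ]; do
        # drop trailing comments and surrounding whitespace
        host=${line%%#*}
        host=$(printf '%s' "$host" | tr -d '[:space:]')
        [ -z "$host" ] && continue
        if is_ipv4 "$host"; then
            # --syn matches packets with SYN set and ACK/RST/FIN clear,
            # i.e. only the opening packet of a new TCP connection.
            printf 'iptables -A INPUT -p tcp --dport 25 -s %s --syn -j DROP\n' "$host"
        else
            printf 'skipping malformed blocklist entry: %s\n' "$host" >&2
        fi
    done < "$blocklist"
}

# Usage: smtp_syn_drop_rules /path/to/blocklist | sh
# Review the output before piping it anywhere; the file path is a placeholder.
```

Without `--syn` the same rule (`-p tcp --dport 25 -s HOST -j DROP`) silently discards the data and FIN packets of sessions that were accepted before the host was listed, and smtpd has no way to tell a stalled peer from a blocked one. The validation step matters for the same reason the thread's author is cautious about running this on a large installation: a blocklist built from automated feeds is an input you do not fully control, and a malformed line should fail loudly instead of producing a rule you did not intend.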