Mark Martinec:
> Just came across this one, might be interesting.
> It sounds similar to postscreen's functionality:
>
> EuroBSDCon 2009:
> FreeBSD kernel protection measures against SMTP DDoS attacks,
> by Martin Blapp
>
> http://people.freebsd.org/~mbr/
> http://www.ukuug.org/events/eurobsdcon2009/papers/BSDCON09-SMTP-DDoS-Final.pdf
> http://www.disruptiveproactivity.com/other/eurobsdcon2009/smtp-ddos-protection.mp3
>
I suppose it can be done, but am not sure if the kernel is the
right place for this.
Postscreen's greetpause is only the first step in a sequence of
barriers that I expect will be needed. Adding greylisting support
would be a next step. Adding greylist support to a kernel-based
implementation looks unattractive.
Wietse
