With all this talk of SA stalling, I decided to go ahead and post an idea
that a friend of mine posed to me a couple days ago. I don't think he is
interested in posting to the list, but he hates spam as much as I do.

The idea is to do something like the "CodeRed" tarpit (labrea, heh) did for
infected IIS servers, but instead use the technique to slow down MTAs that
are being used to deliver spam.

It would be trivial to modify spamassassin on a high score spam email, to
hand off the address of the offender to a tarpit daemon.

So if your MTA receives some spam, start sending half-open TCP session
requests to the spam source/openrelay and slow it down. If a spammer hits
enough tarpits, then it would have the effect of totally DoS'ing the relay
he is using. I know that some of you will say this is a big legal risk, but
I wonder...

What if you changed your 220 line to say "By connecting you agree to legal
terms at http://blahblah"?
Would that be sufficient to prevent legal issues? (I am sure some company
will get pissed their mail server stopped working, and rather hire attorneys
instead of geeks to fix the problem.)

Has anyone done anything like this yet? Or has the idea been shot down?

I didn't hear a lot of noise from people that had issues with the CodeRed
tarpit. I see no difference between an unpatched IIS server that is being
used to firehose out a worm and a "misconfigured" open relay MTA that is
being used to firehose out a bunch of UCE.


