Search the recent archive for teergrubing, (I called it a spambump, like a speedbump in a parking lot). Basically you send continuation messages every 15-60 seconds, a perfectly legitimate RFC, you just keep it up until you or the other side gives up.
I believe Marc Merlin (Hi Marc) on the list has implemented it as an option on Exim (a replacement for sendmail, but the config files are different, I could not quite get a handle on RBL invocation syntax from the doc's, maybe that has changed). You should be able to find my July discussion with him about it on the SA-exim list archives. I'd love to see a sendmail milter implemented, but "don't know nuthin' 'bout birthing no" sourceforge projects or their subsequent care and feeding. Most of the existing milters, spamass-milter, amavis seem to be very slow to change. The mime-defang seems to have more development activity and might be someplace one might be able to lay the proposal on the table. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, October 14, 2002 2:04 PM To: Carl E. Mankinen Cc: SA Talk Subject: Re: [SAtalk] SA feature/idea? I heard of a similar idea a while back. The nice thing about it is that it avoided all possible legal problems. It also consumed some resources on your MTA but it is surely doable. The trick was that as soon as you've identified that the message is spam during you MTA's conversation, slow the conversation down to a crawl. Make each part of the conversation take as long as technically allowed. Keep this up until the remote MTA either quits or until the last command (QUIT) is received and then return an error code like 421. :) The idea of giving non fatal error codes came up too. That way the remote MTA will keep trying until the MTA eventually times out the message. The point is that this is supposed to consume large amounts of resources on the spammer's MTA if he hits enough site doing this. I like the idea but I'm not sure how to implement it. :) Justin On Fri, 11 Oct 2002, Carl E. Mankinen wrote: > With all this talk of SA stalling, I decided to go ahead and post an > idea that a friend of mine posed to me a couple days ago. I don't > think he is interested in posting to the list, but he hates spam as > much as I do. > > The idea is to do something like the "CodeRed" tarpit (labrea, heh) > did for infected IIS servers, but instead use the technique to slow > down MTA's that are being used to deliver spam. > > It would be trivial to modify spamassassin on a high score spam email, > to hand off the address of the offender to a tarpit daemon. > > So if your MTA receives some spam, start sending half open tcp session > requests to the spam source/openrelay and slow it down. If a spammer > hits enough tarpits, then it would have the effect of totally DoS'ing > the relay he is using. I know that some of you will say this is a big > legal risk, but I wonder... > > What if you changed your 220 line to say "By connecting you agree to > legal terms at http://blahblah"; ? Would that be sufficient to prevent > legal issues? (I am sure some company will get pissed their mail > server stopped working, and rather hire attornies instead of geeks to > fix the problem.) > > Has anyone done anything like this yet? or has the idea been shotdown? > > I didn't hear alot of noise from people that had issues with the > CodeRed tarpit. I see no difference between an unpatched IIS server > that is being used to firehose out a worm and a "misconfigured" open > relay MTA that is being used to firehose out a bunch of UCE. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
