On Tue, 2004-06-29 at 18:12, Jeff Koch wrote:Hi Jason:
Thanks for the help. What exactly does 'tarpit' do? Something with a delay?
Yeah, basically, if qmail sees mail coming from the same source (not
sure what's considered a source), it will pause for a configurable
number of seconds before accepting the mail. This can cause timeouts on
the far end, slowing down the attacking server.
In an SMTP connection, after the sender has specified <tarpitcount> recipients, the server will wait <tarpitdelay> seconds in between each RCTP TO: command that the sender specifies.
So, it the sender is trying a dictionary attack (lots of recipients on a single SMTP connection), they'll be slowed down. If they're spamming a lot of users in your domain (one connection to send a message to multiple recipients), they'll be slowed down.
-- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
