Lucas Valdeón Villa wrote:
No, not exactly. That's what tarpit does. Spam-throttle does it by net block.
Hi,
No, they are from different network segments :(
So spam-throttle patch won´t be effective. Afaik this patch tries to slow down connections from the same ip.
The attack is from several ips and they establish a connection doing this slow. So my concurrencyincoming is reach and server reject the new conections.
What I consider interesting for chkusr patch is a badrecipient limit. Dictionary attacks try several rcpt to: introducing sleep between each rcpt to. Look at http://netdevice.com/qmail/patch/goodrcptto-12.patch
and look for:
"To prevent dictionary attacks, the transmission channel is closed after the
number of bad recipients set in control/brtlimit or BRTLIMIT, two by default.
Repeated attempts from the same IPs may be handled by a cron that looks at the
logs and updates tcprules accordingly."
This is would be helpful .
Thank you and congratulations for your excelent work, Lucas
Tonino has sent me a beta version of the new chuser patch (notice the new spelling of the name). It has a LOT more features, including quota support, and rcpt to limits. You should email him and see if he'll send you a copy. It might be useful to you.
Regards,
Bill
