On Fri, 2004-04-09 at 12:45, Matti Aarnio wrote:
> On Fri, Apr 09, 2004 at 11:42:05AM +0400, Eugene Crosser wrote:
> > Too bad that this approach is not cluster-ready...
>
> It is the next thing to add to the present subdaemon.
> (After writing router and contentfilter subdaemons..
> or before; who knows..)

What we have now on our system (source not publishable, at least at this moment, sorry): having accepted the next RCPT TO from the remote, smtpserver sends a request to an external daemon (via API call, with underlying UDP) and waits for a response (a little, say, 3 seconds, so if the daemon is dead it does not break mail acceptance). The request contains the IP address of the peer and its back-resolved name. The rate-limiting daemon applies policy based on the IP address and the name and responds with "tarpit for XXX seconds" or "give them a 4xx response with explanation text YYYY".

The rate-limiting daemon can be rather sophisticated. For instance, it resolves addresses of our dialup pools into logged user names, and applies the "rating" to the user rather than to the IP address. It also applies different formulae to different classes of peers (e.g. unresolvable ones are less trusted than resolvable ones). Future plans include feeding DCC-style data based on the contents of the message, so that the rating could be increased faster if the peer was caught sending alleged spam. Of course there are whitelists (policy that always yields zero delay).

Eugene
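The exchange Eugene describes, as an added example that is not part of the original post and not the (unpublished) code he refers to: smtpserver sends the peer's IP address and back-resolved name to a policy daemon over UDP, waits at most 3 seconds, and accepts the RCPT TO without delay if no answer comes back; the daemon rates the peer by RCPT TO frequency, keys dialup addresses by user name instead of IP, uses a stricter formula for unresolvable peers, and gives whitelisted peers zero delay. The wire format ("TARPIT n" / "DEFER 4xx text"), the per-class parameters, the dialup-pool lookup table and all addresses are assumptions made up for this illustration, not ZMailer's own.

```python
"""Sketch of a per-RCPT-TO rate-limiting daemon and the smtpserver side that asks it.
Example code written for this thread; protocol, parameters and addresses are made up."""
import socket
import time
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Dict, Iterable, Optional


@dataclass
class Decision:
    """What the daemon tells smtpserver: delay the reply, or give a 4xx instead."""
    tarpit: int = 0                 # seconds to sleep before answering the RCPT TO
    reply: Optional[str] = None     # full 4xx line to send instead of accepting

    def encode(self) -> bytes:      # hypothetical wire format
        if self.reply is not None:
            return b"DEFER " + self.reply.encode()
        return b"TARPIT %d" % self.tarpit

    @classmethod
    def decode(cls, raw: bytes) -> "Decision":
        kind, _, rest = raw.decode(errors="replace").partition(" ")
        if kind == "DEFER":
            return cls(reply=rest)
        if kind == "TARPIT":
            return cls(tarpit=int(rest))
        raise ValueError("unknown daemon reply %r" % raw)


class RatePolicy:
    """Counts RCPT TOs per rating key inside a sliding window; the peer's class picks the formula."""
    # class -> (window seconds, free RCPTs, tarpit seconds per excess RCPT, ceiling before 4xx)
    CLASSES = {
        "whitelist": None,                    # always zero delay
        "dialup-user": (600, 50, 1, 100),
        "resolvable": (600, 200, 1, 400),
        "unresolvable": (600, 20, 5, 60),     # less trusted: fewer free RCPTs, steeper tarpit
    }

    def __init__(self, whitelist: Iterable[str], dialup_pools: Dict[str, str], clock=time.monotonic):
        self.whitelist = set(whitelist)
        self.dialup_pools = dialup_pools      # hypothetical ip -> logged-in user lookup
        self.clock = clock                    # injectable for testing
        self.events = defaultdict(deque)      # rating key -> timestamps of recent RCPT TOs

    def classify(self, ip: str, name: Optional[str]):
        if ip in self.whitelist:
            return "whitelist", ip
        user = self.dialup_pools.get(ip)
        if user:                              # rate the user, not the address he happens to hold
            return "dialup-user", "user:" + user
        if name:
            return "resolvable", "host:" + name.lower()
        return "unresolvable", "ip:" + ip

    def decide(self, ip: str, name: Optional[str]) -> Decision:
        klass, key = self.classify(ip, name)
        params = self.CLASSES[klass]
        if params is None:
            return Decision()
        window, free, per_excess, ceiling = params
        now = self.clock()
        q = self.events[key]
        q.append(now)
        while q and now - q[0] > window:      # forget RCPT TOs older than the window
            q.popleft()
        excess = len(q) - free
        if excess <= 0:
            return Decision()
        delay = excess * per_excess
        if delay > ceiling:
            return Decision(reply="450 4.7.1 Too many recipients from %s, try again later" % key)
        return Decision(tarpit=delay)


def ask_daemon(addr, ip: str, name: Optional[str], timeout: float = 3.0) -> Decision:
    """smtpserver side: ask once, wait briefly, and fail open if the daemon is dead."""
    msg = ("%s %s" % (ip, name or "-")).encode()
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(msg, addr)
            raw, _ = s.recvfrom(512)
        return Decision.decode(raw)
    except (OSError, ValueError):             # timeout, ICMP unreachable, garbage: accept without delay
        return Decision()


def serve_one(sock: socket.socket, policy: RatePolicy) -> None:
    """Daemon side: answer one request datagram."""
    raw, peer = sock.recvfrom(512)
    ip, _, name = raw.decode(errors="replace").partition(" ")
    sock.sendto(policy.decide(ip, None if name == "-" else name).encode(), peer)


if __name__ == "__main__":
    import threading
    policy = RatePolicy(whitelist={"10.0.0.1"}, dialup_pools={"192.0.2.7": "alice"})
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))                # made-up local daemon for the demo
    n = 25
    threading.Thread(target=lambda: [serve_one(srv, policy) for _ in range(n)], daemon=True).start()
    for i in range(n):                        # an unresolvable peer hammering RCPT TO
        print(i + 1, ask_daemon(srv.getsockname(), "198.51.100.9", None))
    srv.close()
```

The fail-open path is the part worth copying: the client treats any socket error or malformed reply the same as "no policy", so a crashed or overloaded daemon costs at most the timeout per RCPT TO rather than mail delivery. The per-user key for dialup pools means a user who redials and gets a new address carries his rating with him.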