[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: smtpserver message-rate-counter (ratelimitmsgs policy)

On Fri, 2004-04-09 at 12:45, Matti Aarnio wrote:
> On Fri, Apr 09, 2004 at 11:42:05AM +0400, Eugene Crosser wrote:
> > Too bad that this approach is not cluster-ready...
> It is next thing to add to the present subdaemon.
> (After writing router and contentfilter subdaemons..
> or before; who knows..)

What we have now on our system (source not publishable, at least at this
moment, sorry):

having accepted next RCPT TO from the remote, smtpserver sends request
to an external daemon (via API call, with underlying UDP) and waits for
responce (a little, say, 3 seconds, so if the daemon is dead it does not
break mail acceptance).  The request contains IP address of the peer and
its back-resolved name.  The rate-limiting daemon applies policy based
on the IP address and the name and responds with "tarpit for XXX
seconds" or "give them 4xx response with explanation text YYYY".

Rate-limiting daemon (can be) rather sophisticated. For instance, it
resolves addresses of our dialup pools into logged user names, and
applies "rating" to the user rather than IP address.  It also applies
different formulae to different classes of peers (e.g. unresolvable are
less trusted than resolvable).

Future plans include feeding DCC style data based on the contents of the
message, so that the rating could be increased faster if the peer was
caught on sending alleged spam.

Of course there are whitelists (policy that always yields zero delay).


This is a digitally signed message part