Date: Tue, 19 Dec 2006 13:27:27 +0100 (CET) From: Oliver Fromme <olli@lurza.secnetix.de> To: freebsd-stable@FreeBSD.ORG, chris@vindaloo.com Subject: Re: OpenBSD's spamd. Message-ID: <200612191227.kBJCRRLJ054427@lurza.secnetix.de> In-Reply-To: <freebsd-stable.45844912.7070103@vindaloo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Christopher Hilton <chris@vindaloo.com> wrote: > Between OpenBSD 3.7 and 3.8 spamd gained the ability to tarpit or > stutter at all connections for a configurable period of time. I > understand that stuttering for the first few seconds of the SMTP dialog > causes many spammers to go away before even generating a greylisting > tuple. What does stuttering mean? Is it similar to sendmail's "greet_pause" feature? The greet_pause feature is quite useful. It causes sendmail to wait for a configurable amount of time (5 seconds is a good value) between accepting the connection and sending its initial SMTP greeting line. If it receives _anything_ from the remote side during that time, no mail is accepted from this connection. Many spammers use botnets with very simple software that doesn't really speak SMTP, but simply opens connections to port 25 and sends fixed strings without paying attention to what the server responds. Those are catched and disabled by the "great_pause" feature. Indeed, no greylisting tuples are generated because no MAIL/RCPT is accepted from the connection. > It's something I'd like to try and see for myself and it will be > fairly easy since my primary MX is behind an OpenBSD firewall. However, > my secondary MX is a FreeBSD box with no such protection and I fear that > the spammers will just take advantage of the fact that my secondary MX > has weaker protections than my primary. In fact, it seems that spammers prefer sending to secondary MX servers because they assume that they're less protected that the primary MX servers. For that reason you should always put the same protection on both primary and secondary servers. If you use a backup MX that doesn't do greylisting, then spam will leak through it to your primary (which has to trust the secondaries). Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way. "FreeBSD is Yoda, Linux is Luke Skywalker" -- Daniel C. Sobral
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200612191227.kBJCRRLJ054427>