From owner-freebsd-hackers Sat Dec 18 17:21:10 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from monkeys.com (i180.value.net [206.14.136.180]) by hub.freebsd.org (Postfix) with ESMTP id F0A0A15155 for ; Sat, 18 Dec 1999 17:21:04 -0800 (PST) (envelope-from rfg@monkeys.com) Received: from monkeys.com (localhost [127.0.0.1]) by monkeys.com (8.9.3/8.9.3) with ESMTP id RAA44342; Sat, 18 Dec 1999 17:20:59 -0800 (PST) To: Ken Bolingbroke Cc: hackers@FreeBSD.ORG, lutz@iks-jena.de Subject: Re: Practical limit for number of TCP connections? In-reply-to: Your message of Sat, 18 Dec 1999 14:29:30 -0800. Date: Sat, 18 Dec 1999 17:20:59 -0800 Message-ID: <44340.945566459@monkeys.com> From: "Ronald F. Guilmette" Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message , Ken Bolingbroke wrote: >> If you would like to see an example of a very simple multi-connection server >> that runs as a single process (written in C) as described above, let me know >. > >I'd be very interested in seeing this, if you could post a URL perhaps? OK. Try this URL: ftp://ftp.e-scrub.com/pub/teergrube/sendmail-8.9.3-teergrube-patches.gz Fetch that file and then un-gzip it. Once you have done that, get a virgin set of Sendmail 8.9.3 sources, unpack them, cd to the root of the resulting directory, and then use un-gzipped file as a patchkit to patch the Sendmail sources. Then read the README.teergrube file which describes everything in great detail. (The part you are really looking for... the simple milti-connection daemon... is in the file tgd.c.) Basically, this patchkit adds a new (but very simple) daemon program to the Sendmail distribution. After applying the patches, and building Sendmail as you normally would, you will end up with both an executable for Sendmail and also an executable called `tgd'... the teergrubing daemon. (These will both get installed, e.g. into /usr/sbin) when/if you then install Sendmail as you normally would.) The code for the tgd daemon, in addition to being a simple demonstration of a single-process/multi-connection server daemon (as well as a nice simple demonstration of how to pass open file descriptors via UNIX domain sockets) also has a great deal of utilitarian value, especially if you happen to be one of the folks who, like myself, abhor all of the e-mail spam that seems to ceasely flow through the net's many remaining open and unsecured mail relays. Suffice it to say that if we could get a couple of hundred sites running this daemon, the current unsecured mail server hijacking problem on the net could be (and most likely would be) almost instantly reduced to per- haps 1/100th of its current size... not necessarily because all those remaining open relays would get properly closed/secured by their owners, but just because they would all suddenly become a lot less effective as spam conduits. Please see: http://www.iks-jena.de/mitarb/lutz/usenet/teergrube.en.html for a brief introduction to basic tactical teergrubing. (The tgd daemon takes this quite a bit further, into what I would call ``advanced hard-core strategic teergrubing''). In a nutshell, teergrubing is the name that has been given to a simple technique that exploits a small but significant known weakness of most SMTP client implementations. This weakness is exploited to either slow down or halt the flow of e-mail from some SMTP client to some SMTP server. Teergrubing has been employed for some time in the fight against e-mail spam on the net, but I believe that it would be fair to say that the Sendmail patchkit whose URL is given above, and the `tgd' daemon contained therein, takes the general strategy of teergrubing to a new level. Teergrubing has been approved for use throughout the Internet by the Coalition for Non-Violent Resistance (CNVR). Ideally, tgd, and the associated Sendmail patches, should be used in conjunction with some external list of the IP addresses of ``bad'' e-mail sources that are to be disiplined. In this context, ``bad'' E-mail sources are either mail servers belonging to known spammers or else unsecured open mail relays (that may be remotely hijacked by spammers) or both. Three such lists exist at the present time. They go by the names of ORBS, RSS, and MAPS RBL. (Most people have probably heard of the MAPS RBL by now.) The ORBS list is most agressive of the three. It lists essentially any and all open/unsecured mail relays that have been brought to its attention. For more info regarding the ORBS list see http://www.orbs.org/. The RSS list only lists open mail relays that have already been found and explioted by spammers to relay spam. For more information on the RSS list see http://www.orbs.org/. The MAPS RBL list primarily lists IP addresses associated with mail servers of known spammers, but also lists some open mail relays that have already been exploited. See http://www.mail-abuse.org/rbl/ for more information on the MAPS RBL. The patchkit mentioned above allows any one of these lists to be used to select which mail senders will be teergrubed. In addition, a locally- maintained list of ``bad'' e-mail sources may also be specified, in addition to one of the external lists just mentioned. One last word about the goals of teergrubing... It will in fact most likely NEVER be possible to get every last one of the morons who are still running open/unsecured mail servers to properly secure/ close those servers. Some, perhaps many, will merely upgrade to more recent version of their current mail server software... versions which include anti-teergrubing logic... and then just continue on running their servers as open/unsecured mail relays. That's OK. Those few can then be blocked individually, and eventually, there will be so few of them remaining that all the spammers will be fighting over those few remaining open servers, just like fish struck in an ever-shrinking pond as the dry season approaches. The real point, for now, is just to force everyone (or almost everyone) to upgrade to recent-vintage mail servers that at least give them the CHOICE of whether or not to fully disble relaying by outsiders. (Old mail servers don't provide such options, but almost all current releases of all popular mail servers now DO provide this as a configuration choice.) -- rfg P.P.S. Real-world experience with tgd indicates that that on the order of 1 out of every 200 mail servers which are teergrubed will result in a nasty phone call (or e-mail) from the relevant (cluless) system administrator claim- ing that YOU are spamming HIM, when in fact the exact opposite is what is actually occuring. In these cases, a calm and patient lesson, provided to the clueless sysadmin, on how to properly read and interpret the output of `netstat' almost always succeeds in converting initial hostility to expres- sions of gratitude. P.P.S. Experience also indicates that on the order of 1 out of every 1000 or so teergrubed mail servers will result in a nasty phone call (or e-mail) in which the operator of the mail server on the other end of the open connection(s) will attempt to assert that what YOU are doing (teergrubing) is, in some unspecified way, ``illegal''. In such cases, it is best not to waste time arguing this ridiculous point, but rather to simply assert that your mail server is indeed accepting mail from the other party's mail server, but that due to circumstances beyond your control, it is merely doing so extraordinarily slowly. :-) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message