Date:      Tue, 19 Dec 2006 13:27:27 +0100 (CET)
From:      Oliver Fromme <olli@lurza.secnetix.de>
To:        freebsd-stable@FreeBSD.ORG, chris@vindaloo.com
Subject:   Re: OpenBSD's spamd.
Message-ID:  <200612191227.kBJCRRLJ054427@lurza.secnetix.de>
In-Reply-To: <freebsd-stable.45844912.7070103@vindaloo.com>

Christopher Hilton <chris@vindaloo.com> wrote:
 > Between OpenBSD 3.7 and 3.8 spamd gained the ability to tarpit or 
 > stutter at all connections for a configurable period of time. I 
 > understand that stuttering for the first few seconds of the SMTP dialog 
 > causes many spammers to go away before even generating a greylisting 
 > tuple.

What does stuttering mean?  Is it similar to sendmail's
"greet_pause" feature?

The greet_pause feature is quite useful.  It causes sendmail
to wait for a configurable amount of time (5 seconds is a
good value) between accepting the connection and sending its
initial SMTP greeting line.  If it receives _anything_ from
the remote side during that time, no mail is accepted from
this connection.

Many spammers use botnets with very simple software that
doesn't really speak SMTP, but simply opens connections to
port 25 and sends fixed strings without paying attention to
what the server responds.  Those are caught and disabled by
the "greet_pause" feature.  Indeed, no greylisting tuples
are generated because no MAIL/RCPT is accepted from the
connection.

 > It's something I'd like to try and see for myself and it will be 
 > fairly easy since my primary MX is behind an OpenBSD firewall. However, 
 > my secondary MX is a FreeBSD box with no such protection and I fear that 
 > the spammers will just take advantage of the fact that my secondary MX 
 > has weaker protections than my primary.

In fact, it seems that spammers prefer sending to secondary
MX servers because they assume that they're less protected
than the primary MX servers.

For that reason you should always put the same protection
on both primary and secondary servers.  If you use a backup
MX that doesn't do greylisting, then spam will leak through
it to your primary (which has to trust the secondaries).

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"FreeBSD is Yoda, Linux is Luke Skywalker"
        -- Daniel C. Sobral
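
The greet_pause behaviour described in the message above, as an added example that is not part of the original e-mail and is not sendmail's own code: a Python server-side check that holds back the SMTP greeting and refuses any peer that transmits during the pause. The function names, the hostname mx.example.org, the reply texts and the simulated clients are assumptions made for the illustration.

```python
import select
import socket


def pregreet_state(conn, pause_seconds):
    """Wait up to pause_seconds before the greeting is due.

    Returns 'quiet' if the peer stayed silent, 'talked' if it sent bytes
    before the greeting, 'closed' if it hung up during the pause.
    """
    readable, _, _ = select.select([conn], [], [], pause_seconds)
    if not readable:
        return "quiet"
    # Peek so the bytes stay in the buffer; an empty read means EOF.
    return "talked" if conn.recv(1, socket.MSG_PEEK) else "closed"


def handle_connection(conn, pause_seconds=5.0, hostname="mx.example.org"):
    """Greet well-behaved peers; refuse mail from peers that talk early."""
    state = pregreet_state(conn, pause_seconds)
    host = hostname.encode()
    if state == "talked":
        # Constructed reply text. No MAIL/RCPT is ever accepted on this
        # connection, so no greylisting tuple is created for it.
        conn.sendall(b"554 " + host + b" not accepting mail\r\n")
        return "rejected"
    if state == "closed":
        return "closed"
    conn.sendall(b"220 " + host + b" ESMTP ready\r\n")
    return "greeted"


def simulate(client_sends_first, pause_seconds=0.2):
    """Constructed test peers over a local socket pair (no network)."""
    server, client = socket.socketpair()
    try:
        if client_sends_first:
            # Fixed strings sent without waiting for the server's greeting.
            client.sendall(b"HELO bot\r\nMAIL FROM:<x@example.com>\r\n")
        verdict = handle_connection(server, pause_seconds)
        return verdict, client.recv(256)[:3].decode()
    finally:
        server.close()
        client.close()


if __name__ == "__main__":
    print(simulate(True), simulate(False))
```
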


