Milter-greylist

On Tue, 7 Jul 2009, Adam Katz wrote:
>
> Bob Friesenhahn wrote:
>> It seems like this makes your server susceptible to DOS.
>
> If you don't have a hard connection rate throttle, you are correct.
> http://www.acme.com/mail_filtering/sendmail_config.html (as referenced
> in my previous email) has some good tips on that.

If you are talking about CONNECTION_RATE_THROTTLE, then this is just 
playing into the hands of someone who intends to cause DOS.  By making 
the server more resistent to those who intend to send spam, you make 
your mail server easier to block entirely, just like the kids who 
punch all the buttons on the elevator as they step out the door.

>> It also assumes that the bots are implemented well and will sever
>> slow connections.
>
> Please refer to http://mailchannels.com/images/drop-off.png (also in
> my last email), which uses Spamhaus data to prove that assumption.
> More to the point, 500 seconds is enough time for the connection to be
> severed, which is far less than the typical greylisting delay time.

This chart only summarizes current behavior.  It does not prove 
anything.  If many mail servers start to slow the connections, then 
the sbambots will respond by extending the allowed connection times. 
Spammers have more resources available than you do.

Bob
--
Bob Friesenhahn
bfriesen@..., http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/