 | Start a set with this search |
 | Include this search in one of my sets |
 | Exclude this search from one of my sets |
 | Permalink to these results Paste this link in email or IM: |
 | Atom feed for tracking future search results Paste this URL into your reader: |
23 messages in net.sourceforge.lists.courier-usersRe: [courier-users] Deactivate tarpit...| From | Sent On | Attachments |
|---|---|---|
| niclas | Nov 10, 2007 6:41 am | |
| Sam Varshavchik | Nov 10, 2007 7:11 am | |
| Bernd Wurst | Nov 10, 2007 7:15 am | |
| Bernd Wurst | Nov 10, 2007 7:29 am | |
| Alessandro Vesely | Nov 10, 2007 9:00 am | |
| Bernd Wurst | Nov 10, 2007 9:09 am | |
| niclas | Nov 10, 2007 6:12 pm | |
| Alessandro Vesely | Nov 11, 2007 3:05 am | |
| niclas | Nov 11, 2007 3:38 am | |
| Bernd Wurst | Nov 11, 2007 4:01 am | |
| niclas | Nov 11, 2007 5:19 am | |
| Bernd Wurst | Nov 11, 2007 6:32 am | |
| Alessandro Vesely | Nov 11, 2007 10:54 pm | |
| niclas | Nov 12, 2007 3:49 am | |
| Gordon Messmer | Nov 12, 2007 10:50 am | |
| Dirk Kulmsee | Nov 13, 2007 10:13 am | |
| Sam Varshavchik | Nov 13, 2007 4:00 pm | |
| Dirk Kulmsee | Nov 13, 2007 4:28 pm | |
| Sam Varshavchik | Nov 13, 2007 4:42 pm | |
| Dirk Kulmsee | Nov 13, 2007 5:03 pm | |
| Sam Varshavchik | Nov 13, 2007 6:15 pm | |
| Dirk Kulmsee | Nov 13, 2007 7:08 pm | |
| Sam Varshavchik | Nov 13, 2007 7:17 pm |
| Permalink for this message Paste this link in email or IM: |
| Permalink for this thread Paste this link in email or IM: |
| Atom feed for this thread Paste this URL into your reader: |
| Subject: | Re: [courier-users] Deactivate tarpitting? | Actions... |
|---|---|---|
| From: | Dirk Kulmsee (kulm...@netgroup.de) | |
| Date: | Nov 13, 2007 7:08:44 pm | |
| List: | net.sourceforge.lists.courier-users | |
Yes Sam! That is exactly the point which hurts. Being a proxy ASSP "tunnels" the connection from the sending mail server to my receiving Courier. Courier does the ESMTP dialog.
The bright side: if I set up all MXs as ASSP filters then all MXs will check with the mailbox server if the recipient exists and spammers' strategy to pour in junk on the 2nd MX which often has no knowledge of the existing mailboxes is rendered useless without me having to set up LDAP or the like.
The dark side: while checking for existing recipients the spam filtering machine _will_ produce errors on bad mail. Will it get
punished?
If you are talking about individual proxied TCP connections, only each individual connection gets 'punished'. Courier will tarpit whichever TCP connection is causing errors; other concurrent TCP connections -- even from the same host -- are unaffected.
However there are other negative reasons for this setup. One of the available defenses is an overall per-IP address (or /24 netblock) connection limit. This normally prevents a hostile attacker from flooding your server with thousands of connections and keeping it from accepting mail from anyone else. This works hand in hand with tarpitting; a hostile attacker is confined to a limited number of connections, all others in excess are dropped, and the remaining connections are tarpitted at the first sign of trouble.
That is true, but ASSP has an own setting for limiting simultaneous connections from the same IP.
connections originate from the same IP address as far as Courier is concerned, and there is no way to discriminate between different sending IP addresses -- and you are vulnerable to being bombed, unless your proxy has the ability to restrict the maximum number of open connections from the same source that it will forward.
Except from flooding, does the proxying through the same IP mean Courier will learn the IP "in the middle" as bad?
Still curious Dirk Kulmsee