[linux-elitists] Current client-side anti-spam best practices
Wed Sep 27 15:27:49 PDT 2006
begin Matthew Sayler quotation of Wed, Sep 27, 2006 at 02:26:37PM -0500:
> 1) P(drop) starts out at a medium value (1/5?) and reset to this value
> every time you get a RCPT TO
> 2) P(drop) decays as more DATA is recieved
I don't think you need to get this fancy. Raise
P(drop) every time the remote host sends RCPT to a
spamtrap, lower it every hour.
> Is there any benefit to NAK'ing the packets as opposed to just dropping
The point is to make the spammer spend more on
bandwidth to reach the same number of mailboxes, so
I think you'd want to drop. You want TCP to resend
without userspace on the spammer's box even being
aware of it.
> As you allude to in 1, it would be even cooler if you could initialize
> P(drop) on a perhost/persubnet value.
Yes, you only turn up P once the sending host has
mailed one of your spamtraps.
email@example.com LinuxWorld: August 14-17, 2006, San Francisco
More information about the linux-elitists