[linux-elitists] Current client-side anti-spam best practices

Don Marti dmarti@zgp.org
Wed Sep 27 15:27:49 PDT 2006


begin Matthew Sayler quotation of Wed, Sep 27, 2006 at 02:26:37PM -0500:

> 1) P(drop) starts out at a medium value (1/5?) and resets to this value
> every time you get a RCPT TO
> 2) P(drop) decays as more DATA is received

I don't think you need to get this fancy.  Raise
P(drop) every time the remote host sends RCPT to a
spamtrap, lower it every hour.

> Is there any benefit to NAK'ing the packets as opposed to just dropping
> them?

The point is to make the spammer spend more on
bandwidth to reach the same number of mailboxes, so
I think you'd want to drop.  You want TCP to resend
without userspace on the spammer's box even being
aware of it.

> As you allude to in 1, it would be even cooler if you could initialize
> P(drop) on a perhost/persubnet value.

Yes, you only turn up P once the sending host has
mailed one of your spamtraps.

-- 
Don Marti                    
http://zgp.org/~dmarti/
dmarti@zgp.org           LinuxWorld: August 14-17, 2006, San Francisco
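
A small model of the policy discussed in this message, added here as an example and not code from the thread: per-host P(drop) goes up on each RCPT to a spamtrap and down every hour, and dropped packets are simply resent by the sender's TCP. The step, decay and cap values, the class and function names, and the sample addresses are assumptions; the model ignores TCP backoff and window effects and treats drops as independent.

```python
import random

class DropPolicy:
    """Per-host packet-drop probability (illustrative model)."""

    def __init__(self, step=0.2, decay=0.05, p_max=0.9, seed=None):
        self.step = step      # assumed increase per spamtrap RCPT
        self.decay = decay    # assumed decrease per elapsed hour
        self.p_max = p_max    # assumed cap so a connection can still finish
        self.hosts = {}       # ip -> (p_drop, epoch seconds of last decay tick)
        self.rng = random.Random(seed)

    def _current(self, ip, now):
        # Hosts that never hit a spamtrap have P(drop) = 0.
        p, last = self.hosts.get(ip, (0.0, now))
        hours = int((now - last) // 3600)
        return max(0.0, p - hours * self.decay), last + hours * 3600

    def spamtrap_rcpt(self, ip, now):
        """Call when the host sends RCPT TO for a spamtrap address."""
        p, last = self._current(ip, now)
        self.hosts[ip] = (min(self.p_max, p + self.step), last)
        return self.hosts[ip][0]

    def p_drop(self, ip, now):
        return self._current(ip, now)[0]

    def should_drop(self, ip, now):
        """Silently drop this packet? No NAK/RST goes back to the sender."""
        return self.rng.random() < self.p_drop(ip, now)

def expected_sends(p):
    """Mean transmissions per delivered packet when each is dropped with probability p."""
    return 1.0 / (1.0 - p)

def transmissions_needed(policy, ip, packets, now):
    """Count the sends required to get `packets` packets through."""
    sent = 0
    for _ in range(packets):
        sent += 1
        while policy.should_drop(ip, now):
            sent += 1         # the sender's TCP retransmits the lost segment
    return sent

if __name__ == "__main__":
    pol = DropPolicy(seed=1)
    trap_hitter, clean = "192.0.2.10", "198.51.100.7"   # constructed sample hosts
    pol.spamtrap_rcpt(trap_hitter, 0)
    pol.spamtrap_rcpt(trap_hitter, 0)
    for ip in (trap_hitter, clean):
        print(ip, pol.p_drop(ip, 0), transmissions_needed(pol, ip, 10000, 0))
```
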


