[linux-elitists] Current client-side anti-spam best practices
Don Marti
dmarti@zgp.org
Wed Sep 27 15:27:49 PDT 2006
begin Matthew Sayler quotation of Wed, Sep 27, 2006 at 02:26:37PM -0500:
> 1) P(drop) starts out at a medium value (1/5?) and reset to this value
> every time you get a RCPT TO
> 2) P(drop) decays as more DATA is recieved
I don't think you need to get this fancy. Raise
P(drop) every time the remote host sends RCPT to a
spamtrap, lower it every hour.
> Is there any benefit to NAK'ing the packets as opposed to just dropping
> them?
The point is to make the spammer spend more on
bandwidth to reach the same number of mailboxes, so
I think you'd want to drop. You want TCP to resend
without userspace on the spammer's box even being
aware of it.
> As you allude to in 1, it would be even cooler if you could initialize
> P(drop) on a perhost/persubnet value.
Yes, you only turn up P once the sending host has
mailed one of your spamtraps.
--
Don Marti
http://zgp.org/~dmarti/
dmarti@zgp.org LinuxWorld: August 14-17, 2006, San Francisco
More information about the linux-elitists
mailing list