Re: policy server for mail bombing control?
This is a discussion on Re: policy server for mail bombing control? within the mailing.postfix.users forums, part of the Mail Servers and Related category; Cami: > Forrest Aldrich wrote: > > A great example of where this is highly effective is the automated > &...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-01-2005
|
|||
|
|||
Re: policy server for mail bombing control?
Cami:
> Forrest Aldrich wrote: > > A great example of where this is highly effective is the automated > > spamming bots... last night, one of my servers got slammed with over > > 170 different connections (all bots, presumably). ALL connections were > > useless to them, and nothing got submitted (just a big syslog for me to > > look at). That other server is running Sendmail-8.13. > > > > There are schools of thought against this tactic, but I digress... the > > evidence that it works is clearly there. > > > > In either case, this could be accomplished in a "policy server", though > > I'd just assume have a main.cf variable to trigger. (and I'd write it if > > I were a programmer!). > > This is not possible in a policy server. Hang on.... it only takes a tiny fix in the reject_unauth_pipelining feature. With the configuration and patch below, Postfix stops clients that speak before the server has greeted them. % telnet localhost smtp Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. helo foo mail from:<> 503 <localhost[127.0.0.1]>: Client host rejected: Improper use of SMTP command pipelining Wietse /etc/postfix/main.cf: smtpd_delay_reject = no smtpd_client_restrictions = check_policy_service inet:127.0.0.1:9999 inet:127.0.0.1:9999 policy script or equivalent: sub smtpd_access_policy { sleep(1); return "reject_unauth_pipelining"; } Postfix smtpd_check.c patch: *** /var/tmp/postfix-2.2-20050131/src/smtpd/smtpd_check.c Sun Jan 30 19:57:35 2005 --- ./smtpd_check.c Tue Feb 1 10:11:15 2005 *************** *** 1285,1291 **** if (state->client != 0 && SMTPD_STAND_ALONE(state) == 0 ! && vstream_peek(state->client) > 0 && (strcasecmp(state->protocol, MAIL_PROTO_ESMTP) != 0 || strcasecmp(state->where, "DATA") == 0)) { return (smtpd_check_reject(state, MAIL_ERROR_PROTOCOL, --- 1285,1292 ---- if (state->client != 0 && SMTPD_STAND_ALONE(state) == 0 ! && (vstream_peek(state->client) > 0 ! || peekfd(vstream_fileno(state->client)) > 0) && (strcasecmp(state->protocol, MAIL_PROTO_ESMTP) != 0 || strcasecmp(state->where, "DATA") == 0)) { return (smtpd_check_reject(state, MAIL_ERROR_PROTOCOL, 
|
Linear Mode
