On 2006-12-24, at 1609, John Simpson wrote:
> On 2006-12-22, at 1308, Erwin Hoffmann wrote:
>> introducing a delay in qmail-smtpd EHLO greeting by about 30 secs will
>> reduce the amount of spam emails by typically 50%.
>> In case you believe it or even if you don't believe it, use my 5 line
>> patch for qmail-smtpd.c available here:
>> http://www.fehcom.de/qmail/qmail.html
>
> you can take the same thing one step further... many spam programs
> send their first command without waiting for the server to send the
> initial banner. this is a violation of RFC 2821 section 3.2, and
> RFC 821 section 4.3, both of which say that the client is supposed
> to wait for the server's greeting before sending anything.
>
> http://qmail.jms1.net/patches/greetdelay2.patch adds logic to hang
> up on clients who "jump the gun" like this. basically, instead of
> calling sleep(), it calls timeoutread() and barfs if it gets any
> result other than "timeout".

i've cleaned up the idea somewhat. there is now the original
GREETDELAY variable, which works as erwin designed it, and there is
also a DROP_PRE_GREET variable which, if it exists and has a non-zero
value, will cause qmail-smtpd to hang up on the client if they
transmit anything before the greeting. if DROP_PRE_GREET is non-zero
but GREETDELAY is not set (or is zero), a one-second delay is used.
i've also added log messages, so that you can tell when a pre-greet
event happens: either the client sent data and is being disconnected,
or the client disconnected on their own before the server's timeout
expired.
http://qmail.jms1.net/patches/greetdelay3.patch is the updated patch
file.
--------------------------------------------------
| John M. Simpson - KG4ZOW - Programmer At Large |
| http://www.jms1.net/ <jms1@jms1.net> |
--------------------------------------------------
| Mac OS X proves that it's easier to make UNIX |
| pretty than it is to make Windows secure. |
--------------------------------------------------
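
The pre-greeting check described in this message, sketched as an added example (not code from greetdelay3.patch or from qmail itself). It uses poll() and read() in place of qmail's timeoutread(); the function names, enum, log wording and banner are hypothetical, and fd 0 is assumed to be the client connection as it is under tcpserver.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

enum pregreet { PG_QUIET, PG_EARLY_DATA, PG_CLIENT_GONE, PG_ERROR };

/* Effective delay in seconds from the two settings (NULL = unset).
   A server would pass getenv("GREETDELAY") and getenv("DROP_PRE_GREET"). */
int greet_config(const char *greetdelay, const char *drop_pre_greet, int *drop)
{
    int delay = greetdelay ? atoi(greetdelay) : 0;
    if (delay < 0) delay = 0;
    *drop = drop_pre_greet && atoi(drop_pre_greet) != 0;
    if (*drop && delay == 0) delay = 1;   /* one-second default */
    return delay;
}

/* Watch fd for up to `seconds` before the banner is sent. */
enum pregreet pregreet_wait(int fd, int seconds)
{
    struct pollfd p = { .fd = fd, .events = POLLIN };
    char buf[256];
    int r;
    do r = poll(&p, 1, seconds * 1000);   /* EINTR restarts the full wait */
    while (r < 0 && errno == EINTR);
    if (r == 0) return PG_QUIET;          /* timeout: client waited */
    if (r < 0) return PG_ERROR;
    ssize_t n = read(fd, buf, sizeof buf);
    if (n > 0) return PG_EARLY_DATA;      /* spoke before the greeting */
    return n == 0 ? PG_CLIENT_GONE : PG_ERROR;  /* EOF: left on its own */
}

int main(void)
{
    int drop, delay = greet_config(getenv("GREETDELAY"), getenv("DROP_PRE_GREET"), &drop);
    if (drop) {
        enum pregreet pg = pregreet_wait(0, delay);   /* fd 0 = client socket */
        if (pg == PG_EARLY_DATA) { fputs("pre-greet: client sent data, dropping\n", stderr); return 1; }
        if (pg == PG_CLIENT_GONE) { fputs("pre-greet: client disconnected\n", stderr); return 1; }
        if (pg == PG_ERROR) return 1;
    } else if (delay > 0) {
        sleep((unsigned)delay);           /* plain GREETDELAY behaviour */
    }
    puts("220 mail.example.test ESMTP"); /* constructed banner */
    return 0;
}
```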