Getting pounded .. sigh

[Drew Marshall]

On 22 May 2006, at 19:15, Kevin Miller wrote:

> sandrews at andrewscompanies.com wrote:
>> I remember talk some time ago, not here, of a way to slow down the
>> sender by doing something with an ACK (really out of my pond here).
>> Anyone know what I might be thinking of?  If there's some way to hold
>> the connection to sender open, that would slow them down sending out
>> crap.
>
> I thnk you're thinking of sendmail's greet pause feature.  Works great
> for "botted" home machines, but real MX hosts aren't tripped up by it.
> Another feature that may be of some help is the recipient throttle
> (assuming he's using sendmail - Postfix, etc. probably have something
> similar) but I'm not using it myself so don't know for sure...

Postfix should be set by default under the in_flow_delay feature but  
this will only slow 'thundering heard' servers who are trying to make  
many connections per <short> time period. From memory Wanadoo are  
using Postfix servers as their main mail core so they will 'behave  
properly' so greet pause etc just won't work. This sort of attack is  
usually caused by compromised machine on the end of a DSL circuit  
which is configured to relay through the ISP's MTA. It shouldn't  
matter soon though as the servers in question will end up on a few RBLs.

Sadly, knowing the ISP in question, their sys admins won't care and  
will ignore the problem. I know several UK ISPs end up having to  
whitelist Wanadoo servers as they often end up on blacklists and with  
the size of the Wanadoo user base, too many people notice if Wanadoo  
mail goes 'missing'.

You could make yourself feel better and mail abuse at wanadoo.com but I  
wouldn't hold your breath :-(

Drew

-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy