Re: spam blocking engine



> Very simply, this hangs the full list of ~12,000 spam-sending
> IP/mask entries listed at www.spews.org off a pf(4) rdr-anchor
> (which is only entered for port 25).

This sounds a *lot* like something being worked on by a group
here in Pittsburgh, deny-spammers.

Rather than grabbing someone else's list of spammers, it builds
a list of spammers based on attempted connections (currently, it
defines "spammer" as "someone sending too many messages to
non-existent addresses", but that can be played with), and
passes it along to the firewall (currently, just blocking the
IP, although more interesting things like what you're doing are
easy too).  The ban ages, and after a while (3 days, IIRC), the
IP can get itself banned again.

It's currently not general enough to work in OpenBSD (it only
handles qmail as MTA and ipfw as packet filter), but that's what
I'm working on.

I like the forward-to-proxy idea better, but it still seems like
taking someone else's word for "who to ban" is problematic in a
production system.

> This will be chrooted and locked down further... and I also
> plan on adding stuttering to it, to waste the spammer's time
> further.

Excellent.  Is the stuttering in the 550-agent, or does it do
this via altq (I'm not up on altq enough to even know if this
could be done there easily...)?
-- 
 Matthew Weigel
 Research Systems Programmer
 mcweigel+_(_at_)_cs_(_dot_)_cmu_(_dot_)_edu
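
The ban-and-age scheme described in the message above, sketched as an added example (not deny-spammers' code and not part of the original message). The threshold, counting window, event tuple format and all names are assumptions; only the 3-day ageing comes from the message, which itself qualifies it with "IIRC".

```python
from collections import defaultdict

DAY = 86400
BAN_SECONDS = 3 * DAY   # the message says "3 days, IIRC"
THRESHOLD = 5           # assumption: the message only says "too many"
WINDOW = 600            # assumption: seconds over which misses are counted

class BanList:
    def __init__(self, threshold=THRESHOLD, window=WINDOW, ban_seconds=BAN_SECONDS):
        self.threshold, self.window, self.ban_seconds = threshold, window, ban_seconds
        self.misses = defaultdict(list)  # ip -> times of unknown-recipient attempts
        self.banned = {}                 # ip -> time the ban ages out

    def expire(self, now):
        """Drop aged-out bans and return the IPs to unblock at the firewall."""
        gone = [ip for ip, until in self.banned.items() if until <= now]
        for ip in gone:
            del self.banned[ip]
        return gone

    def observe(self, ts, ip, rcpt_exists):
        """Record one delivery attempt; return True if it triggers a new ban."""
        if rcpt_exists or ip in self.banned:
            return False
        recent = [t for t in self.misses[ip] if ts - t < self.window] + [ts]
        if len(recent) < self.threshold:
            self.misses[ip] = recent
            return False
        del self.misses[ip]              # start from zero once the ban ages out
        self.banned[ip] = ts + self.ban_seconds
        return True

def replay(events):
    """Turn (time, ip, rcpt_exists) events into ordered firewall actions."""
    bans, actions = BanList(), []
    for ts, ip, rcpt_exists in sorted(events):
        actions += [("unban", old) for old in bans.expire(ts)]
        if bans.observe(ts, ip, rcpt_exists):
            actions.append(("ban", ip))
    return actions

# Constructed sample (documentation addresses): one sender hammering
# non-existent addresses, one legitimate sender with a single typo.
SAMPLE = (
    [(t, "192.0.2.10", False) for t in (0, 10, 20, 30, 40)]
    + [(15, "198.51.100.7", False), (25, "198.51.100.7", True)]
    + [(3 * DAY + 60, "198.51.100.7", True)]
    + [(3 * DAY + 100 + t, "192.0.2.10", False) for t in range(5)]
)
```

`replay(SAMPLE)` bans the first sender, lifts the ban once three days have passed, and bans it again when it repeats the behaviour; the sender with a single mistyped recipient is never listed.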


