[conspire] Perimeter vs. host-edge security (wqs: MIMO wireless cards cheap at Fry's)

Don Marti dmarti at zgp.org
Tue Dec 13 10:26:17 PST 2005

begin Rick Moen quotation of Tue, Dec 13, 2005 at 05:14:32AM -0800:

> I call this "truly nasty" in part because it's a two-edged sword:  It
> slows down and hampers the spammers by tying up their resources, but
> each socket of theirs that you keep open as long as possible on their
> end, is also a socket you're keeping open as long as possible on _your_
> end.  You probably have better things to do with your MTA than telling
> thousands of spam processes "Please hold."  My MTA therefore doesn't
> ever attempt that particular trick.

The main problem I see with this one is that I've
already turned down the number of incoming SMTP
connections I'm willing to accept, to account for the
spam-filtering software that gets run for each one.

100 Postfix smtpd processeses: fine.  100 smtpds plus
100 spamc processes plus a busy spamd: not fine.

And since I can't really tell if one of my relatively
few smtpd processes is going to be just ticking
along teergrubing or clobbering the server with
regular expressions, I have to assume the latter,
and not teergrube.

Don Marti
dmarti at zgp.org

More information about the conspire mailing list