spamassassin-users mailing list archives

From David Morton <morto...@dgrmm.net>
Subject Re: Newest spammer trick - non-blank subject lines?
Date Thu, 11 Feb 2010 16:23:30 GMT

Mike Cardwell wrote:
> On this system, not much. On the scale of about 6,000 messages a day.

Very light duty then. :)

> Even if SpamAssassin isn't used during SMTP, there's nothing stopping
> somebody who wants to DOS you from just setting their DOS tool to hold
> open connections and spend lots of time waiting between issuing SMTP
> commands... It could even go straight through to the DATA phase and send
> a 10MB email at a speed of 1 byte per second.

True, though most MTAs have some defenses built for this, but waiting
to scan for spam by nature takes time, and so these defenses must be
lowered to allow it.

> I don't think moving SpamAssassin to after the SMTP transaction has
> finished would help prevent someone from performing a DOS.
> 
> If you *can* do SMTP time spam scanning, then that's the best place for it.

From experience with larger ISP settings, and some large enterprise
settings, it doesn't take a malicious attempt - normal traffic can be
bursty and bring a system to its knees.  From a practical standpoint,
it's just a whole lot easier to have the front line smtpd servers
swallow the email as fast as possible (some quick rbl or greylisting
aside) and then you can process in batches behind the lines.

It's scary when email starts piling up faster than all your scanners can
chew... but most admins I've met would prefer that to other mail servers
getting connection errors and possible bouncing or sending problem
reports back to the sender.


--
David Morton <mortonda@dgrmm.net>

Morton Software & Design  http://www.dgrmm.net - Ruby on Rails
                                                 PHP Applications
Maia Mailguard http://www.maiamailguard.com    - Spam management
                                                 for mail servers