Re: Proposal: Using Conservative EHLO Response Parser Behaviour For Tarpitting

2007-06-17 19:41:42

At 2:27 am +0100 18/6/2007, Sabahattin Gucukoglu wrote:
> However, in environments where clustering, proxying, load balancing or
> gatewaying are used to share the load of distributing mail from an
> identical source, greylisting will delay mail for longer than is necessary
> if multiple attempts happen to be made by different hosts in a cluster.

If that is a problem for operators of such a system, they can always change it so that attempts for a particular transaction are always retried from the same IP.

I don't think making such a system hang around on a connection for 5 minutes is gaining them anything compared to having the same node in a cluster retry again in 5 minutes.

> I think that's everything.  Please let me know what you think.  Is it
> feasible?  What would the implementers say?  Are the assumptions I've made
> bad or violating anything?

In the MTA I write, graylisting isn't just used as an anti-spam mechanism, it is also used in combination with connection prioritization and some other features to try and minimize the impact of DDoS attacks. Holding connections open for significant periods of time rather than quickly returning a 4XX response would be incompatible with that.