Re: Proposal: Using Conservative EHLO Response Parser Behaviour For Tarpitting

2007-06-18 09:11:09

Hi Sabahattin,
At 18:27 17-06-2007, Sabahattin Gucukoglu wrote:
My idea is to replace greylisting with a connection-delaying technique
that will make the SMTP client wait until we're certain it is genuine.  We
differ from Greylisting only in how we determine that an SMTP client is
genuine; greylisting uses the fact that the client will come back, and
we'll use the fact that the client knows what continuation lines are and
that it must stay silent while we send periodic lines in the HELO/EHLO
response for a given time.  This isn't unlike teergrubing, except that we
don't need dedicated hosts for this technique and we slow the connection
down as soon as it's possible rather than while mail is being delivered.
We must not allow the client to pipeline any commands before EHLO or HELO,
and we must not allow the client to initiate a MAIL transaction until
issuing EHLO or HELO and completing the challenge either (unless, at the
server's discretion, the client has already "Proven" itself).  A client
that waits ("Proves itself") for a specified duration in minutes (five,
say), during which it is receiving five-secondly (for instance) "Stay on
the line" notices, shall eventually be allowed to see service extension

Some clients won't wait that long. They will close the connection and may retry again. There is no guarantee that the delivery retry will be from the same host. The connection-oriented approach suffers from the same problems as what you listed for the transaction-oriented approach to greylisting.
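The challenge from the quoted proposal and the objection in the reply, as an added sketch that is not part of the original thread or of any mail server's code: it models only the decision logic, and the class name, verdict strings, hostname `mx.example.test` and per-IP "proven" cache are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class EhloTarpit:
    """Decision logic only; a real server would drive this from its event loop."""
    duration: int = 300   # seconds the client must stay silent ("five, say" minutes)
    interval: int = 5     # seconds between continuation lines ("five-secondly")
    proven: set = field(default_factory=set)  # assumed cache of IPs that passed

    def run(self, ip, events):
        """events: constructed list of (seconds_after_EHLO, kind) with kind in
        {"data", "close"}. Returns (verdict, response_lines_sent)."""
        if ip in self.proven:
            # Server's discretion: an already-proven client skips the wait.
            return "pass-known", ["250 mx.example.test"]
        lines = []
        pending = sorted(events)
        for t in range(self.interval, self.duration + 1, self.interval):
            # Anything the client did before this tick ends the challenge.
            for when, kind in pending:
                if when < t:
                    # "data": client spoke during the multiline reply, so it
                    # does not honour continuation lines. "close": it gave up.
                    verdict = "reject-talked-early" if kind == "data" else "abandoned"
                    return verdict, lines
            last = t + self.interval > self.duration
            # "250-" marks a continuation line; "250 " ends the EHLO response.
            lines.append("250 mx.example.test" if last else "250-Stay on the line")
        self.proven.add(ip)
        return "pass", lines

if __name__ == "__main__":
    tarpit = EhloTarpit(duration=20, interval=5)   # shortened for the demo
    # Constructed clients, addresses from the 192.0.2.0/24 documentation range.
    print(tarpit.run("192.0.2.10", []))             # waits silently
    print(tarpit.run("192.0.2.20", [(7, "data")]))  # pipelines MAIL early
    print(tarpit.run("192.0.2.30", [(12, "close")]))  # gives up and disconnects
    print(tarpit.run("192.0.2.31", []))  # retry from another host: full wait again
```

Because the cache is keyed by client address, the retry from `192.0.2.31` earns no credit for the time `192.0.2.30` already spent waiting, which is the same weakness the reply attributes to greylisting.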