Print Page | Close Window

Tar Pits?

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=228
Printed Date: 12 December 2017 at 7:26am


Topic: Tar Pits?
Posted By: Guests
Subject: Tar Pits?
Date Posted: 09 April 2003 at 3:10pm

First, the situation:

Normally, spam server connects to SpamFilter, is found on a MAPS list, and is blocked.  Spammer goes away. :)

Some spammers, after they get blocked by SpamFilter, keep trying over and over to send the same message, getting blocked each time. They keep trying every half second, with 6000 attempts before they quit. This fills up my log file with a LOT of noise for one message.

 

Now the suggestion:

(Probably wishful thinking)

Can we have a “tar pit” setting that would say (for example) “If the same source gets blocked x times in the last y seconds, don’t immediately drop the connection, just hold the connection open don’t reply to the SMTP conversation.”  This would a) keep our logs cleaner; and b) slow down the spam servers from sending mail to others.

 

Thanks,

Jerry




Replies:
Posted By: LogSat
Date Posted: 10 April 2003 at 6:37pm

Hi Jerry,

We understand the situation, and already had something in mind, even though not exactly what you suggest.

We're implementing a local cache of rejects so that if an IP has been rejected by a MAPS lookup, we'll cache it for a certain number of minutes, and immediately drop the subsequent connections without wasting time and resources with DNS lookups. It will be ready in a few weeks.

Creating the "tab pit" you mention by keeping the connection open is not something we'd like to do, as it leaves the possibility of having thousands (or dozens + thousands) of open pending connections on the server, thus killing it due to the high number of open resources.

Thanks for the suggesiton!

Roberto Franceschetti
LogSat Software




Print Page | Close Window