Subject: Re: smart anti flood tools
From: Terje Elde (teldeonline.no)
Date: Wed Feb 02 2000 - 09:41:09 CST


* Bennett Todd (betrahul.net) [000202 16:25]:
> Anybody want to suggest criteria for defining what constitutes a
> mail flood? Once we know what we're looking for, we can try and
> invent an efficient way to spot it.

IMHO making a good rule is as hard as it gets. When a client who's using a
dialup link to flush mail from an entire office goes online, you can often
see a few hundred, if not closer to a thousand (rare tho) legit emails
being spit out.

If you want to set a limit, it might make sense to use the From header,
because even if it's a single dialup link sending all the mail, it'll come
from different people, thus you won't shut down that IP, which you might
do if you were to go by connected IP.

Then again, a spammer could easily set his From's to random people.

And what about mailing lists? When an offline company sends a mail to a
mailing list with 6000 of its clients, and it goes online to send them
all...

So many questions, so few answers :(

Terje Elde

-- 
mkpw "acjakzqjm" | uiqt giapg-piks-zmycmabgiapg.kwu
Qn gwc'zm vwb wv bpm tqab, gwc'zm vwb kwwt. Aquxtm ia bpib.
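
The trade-off discussed in this message, as an added example that is not part of the original post: a sliding-window counter run over three constructed traffic patterns (office dialup flush, random-From spam, mailing-list posting), keyed first by connecting IP and then by From header. The limit of 100 messages per 600 seconds, the addresses and the one-message-per-second pacing are all assumptions made for illustration.

```python
from collections import defaultdict, deque

def flagged_keys(events, key, limit, window):
    """Return the set of key values that sent more than `limit` messages
    within any `window`-second span. `events` is (timestamp, ip, from_addr),
    sorted by timestamp; `key` is "ip" or "from"."""
    idx = {"ip": 1, "from": 2}[key]
    recent = defaultdict(deque)   # key value -> timestamps inside the window
    flagged = set()
    for ev in events:
        ts, k = ev[0], ev[idx]
        q = recent[k]
        q.append(ts)
        while q and q[0] <= ts - window:   # drop timestamps older than the window
            q.popleft()
        if len(q) > limit:
            flagged.add(k)
    return flagged

# Constructed traffic, one message per second per scenario.
# 192.0.2.0/24 and the example.* names are documentation placeholders.
def office_flush():      # 300 legit mails, 30 staff behind one dialup IP
    return [(t, "192.0.2.10", f"user{t % 30}@office.example") for t in range(300)]

def random_from_spam():  # 300 mails, one IP, a different forged From each time
    return [(t, "192.0.2.66", f"x{t}@forged.example") for t in range(300)]

def list_posting():      # 6000 mails to a client list, one IP, one From
    return [(t, "192.0.2.20", "news@company.example") for t in range(6000)]

def verdicts(limit=100, window=600):
    """For each scenario, report whether a per-IP and a per-From rule fire."""
    scenarios = {"office_flush": office_flush(),
                 "random_from_spam": random_from_spam(),
                 "list_posting": list_posting()}
    return {name: {k: bool(flagged_keys(ev, k, limit, window)) for k in ("ip", "from")}
            for name, ev in scenarios.items()}

if __name__ == "__main__":
    for name, v in verdicts().items():
        print(f"{name:17s} per-IP fires: {v['ip']!s:5s}  per-From fires: {v['from']}")
```

With these inputs the per-IP rule fires on all three patterns, while the per-From rule spares the office flush but also misses the forged-From spam and still fires on the legitimate list posting.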

