Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Date: Mon Nov 05 2007 - 04:46:15 CST
> if you search the archives, you'll find a post by $self where "sleep 1"
> is replaced by "warn_if_reject reject_rbl_client ..." calls.
> After Viktor reply, I installed this for a short period of time,
> and it did not catch anything.
Well, it's not exactly the same. In your case, no complexity was added
to the HELO as far as I can tell (aside from the delay). The general
idea of this thread was to (optionally) turn the HELO into a multiline
thing (perhaps already possible with \n or something?), and add a new
sleep option which introduces a short delay before the last line of a
multi-line string (given by the next command in chain) is printed.
The sleep (or similar simple delay) can be overcome by a spammer by
doing something akin to a blocking readline(), while the above would
force a spammer to parse the SMTP responses much more thoroughly.
>>> You also need to apply this selectively, ...
> because my MTA has other things to do than wait for yours to wake up!
> In short, that will consume resources of legitimate sites (unlike
> spammers, we do not have infinite resources).
A 1 second delay is nothing: the only resource your MTA is wasting is
an open TCP session, and TCP sessions tend to linger on for several
minutes after your MTA has initiated their closure - they go into the
TIME_WAIT state, which by default lasts something like 240 seconds.
By comparison, 1 second is nothing..
(I imagine here that your MTA is multi-threaded so it doesn't clog up
the whole to-be-sent pipeline whenever a single remote MTA sends it
into a tarpit or what not.)