Re: posfix SAV tarpitted

From: Noel Jones (no email)
Date: Sat Oct 01 2005 - 19:25:27 EDT

  • Next message: Rod Dorman: "Re: posfix SAV tarpitted"

    At 05:17 PM 10/1/2005, Sandy Drobic wrote:
    >Len Conrad wrote:
    >
    >>afaics, when postfix smtp SAV calls those IPs, the smtp session is
    >>held by the other end indefinitely, some kind of heart-beat that
    >>keeps postfix smtp from timing out.
    >
    >Can you find out what commands are used to keep the connection from
    >timing out?

    Likely the other site is using something that modifies the TCP
    stream, not by sending a junk command. Note this is happening when
    Len is trying to send mail (a sender address verification probe) not
    when receiving mail. They could be using QoS on a firewall to limit
    incoming smtp traffic to the equivalent of 1 char/second, or a tarpit
    program. Doesn't really matter from our point of view.
    Here's one well-known example of such a tarpit program:
    http://www.openbsd.org/cgi-bin/man.cgi?query=spamd

    >>We have blocked these Class Cs at our gateway, but is there any
    >>param in postfix that could reduce postfix's vulnerability to tarpitting?
    >
    >Perhaps smtpd_junk_command_limit, smtpd_noop_commands?
    >The docs say Postfix accepts by default 100 of these commands
    >before it increases the smtpd error count.

    The controls you suggest are effective when receiving mail, but not
    when sending mail, and postfix doesn't have any controls to drop slow
    connections (and it's not clear it should). Even the various
    smtp_*_timeout controls only work when the connection is stalled;
    they won't help when it's very slow.

    -- 
    Noel Jones
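
The distinction drawn in the reply above, between a stalled connection and a very slow one, shown as an added example (not part of the original message and not Postfix code). A constructed local peer drips its banner one byte at a time: a per-read timeout never fires, while an overall deadline does. The drip server, its banner, the function names and the `total_deadline` parameter are assumptions made for illustration.

```python
import socket, threading, time

def drip_server(banner=b"220 constructed.example ESMTP\r\n", gap=0.05):
    """Constructed local peer: sends its banner one byte every `gap` seconds."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        try:
            for b in banner:
                conn.sendall(bytes([b]))
                time.sleep(gap)
        except OSError:
            pass  # client gave up before the banner was complete
        finally:
            conn.close()
            srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def read_reply(port, per_read_timeout, total_deadline=None):
    """Read one CRLF-terminated reply line; return (outcome, seconds_elapsed)."""
    start = time.monotonic()
    buf = b""
    with socket.create_connection(("127.0.0.1", port), timeout=per_read_timeout) as s:
        while not buf.endswith(b"\r\n"):
            wait = per_read_timeout
            if total_deadline is not None:  # hypothetical whole-reply budget
                left = total_deadline - (time.monotonic() - start)
                if left <= 0:
                    return "deadline", time.monotonic() - start
                wait = min(wait, left)
            s.settimeout(wait)  # the per-read clock restarts on every byte
            try:
                chunk = s.recv(1)
            except socket.timeout:
                kind = "stalled" if wait == per_read_timeout else "deadline"
                return kind, time.monotonic() - start
            if not chunk:
                return "closed", time.monotonic() - start
            buf += chunk
    return "complete", time.monotonic() - start

if __name__ == "__main__":
    print(read_reply(drip_server(), 1.0))                      # slow, never "stalled"
    print(read_reply(drip_server(), 1.0, total_deadline=0.3))  # cut off by the budget
```

With only the per-read timeout, the client stays connected for as long as the peer keeps sending bytes faster than that timeout, however long the whole reply takes.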
    
