Original message <9608221609.AA21172@wisdom.home.vix.com> From: Paul A Vixie <paul@vix.com> Date: Aug 22, 9:09 Subject: Re: *** MAKE SPAM@INTERRAMP.COM DIE FAST!!! *** (fwd)
Even if I wanted to do this, I don't think I could take the performance hit running an access list that large on my incoming ports would create.
Thus the beauty of a Null0 route. The initial SYN from their spam maker gets through to your SMTP server, but the initial ACK goes into the hole rather than back out to their spam maker. It costs you a TCP PCB for a short while on the SMTP server, but there are never enough packets to make this expensive. And no spam gets through. Try it, you'll like it. -- End of excerpt from Paul A Vixie
Our mail server regularly gets stuck with a full listen queue due to occasional cases of one-way routing out on the net,... deliberately introducing this would kill it. Consider, for instance, that the spammer is probably sending mail to dozens of accounts on your system, and each attempt will generate multiple SYN's, and each one of those wastes a slot for several minutes. Even if you've cranked it up from the default of 5, you'll be hosed for hours. Of course, I suspect that any evidence that multiple providers were filtering mail based on some agreed-upon list would land all of them in court, though I'm not a lawyer. Imagine, for a minute, that some spammer discovers that one of YOUR unix boxes can be used to forward mail for them, some weekend when you're out of town,... and your IP address gets blacklisted. How soon would you call your lawyer to help you recover from what could be a total loss of business? -matthew kaufman matthew@scruz.net