Matthew Kaufman wrote:
Original message <9608221609.AA21172@wisdom.home.vix.com> From: Paul A Vixie <paul@vix.com> Date: Aug 22, 9:09 Subject: Re: *** MAKE SPAM@INTERRAMP.COM DIE FAST!!! *** (fwd)
Even if I wanted to do this, I don't think I could take the performance hit running an access list that large on my incoming ports would create.
Thus the beauty of a Null0 route. The initial SYN from their spam maker gets through to your SMTP server, but the initial ACK goes into the hole rather than back out to their spam maker. It costs you a TCP PCB for a short while on the SMTP server, but there are never enough packets to make this expensive. And no spam gets through. Try it, you'll like it. -- End of excerpt from Paul A Vixie
Our mail server regularly gets stuck with a full listen queue due to occasional cases of one-way routing out on the net,... deliberately introducing this would kill it. Consider, for instance, that the spammer is probably sending mail to dozens of accounts on your system, and each attempt will generate multiple SYN's, and each one of those wastes a slot for several minutes. Even if you've cranked it up from the default of 5, you'll be hosed for hours.
Of course, I suspect that any evidence that multiple providers were filtering mail based on some agreed-upon list would land all of them in court, though I'm not a lawyer.
I'd have thought the people likely to take you to court would be your customers - for not letting people from particular sites send them email (this assumes that your contract actually guarantees any conncectivity to the Internet of course, and I get the impression many Internet service contracts read mostly like disclaimers. :) ).
Imagine, for a minute, that some spammer discovers that one of YOUR unix boxes can be used to forward mail for them, some weekend when you're out of town,... and your IP address gets blacklisted. How soon would you call your lawyer to help you recover from what could be a total loss of business?
I like the application level rejection thing - tying rejections to domain names means that you only have to worry about the "what" and "who" not the "where from", which is handy given how easy it is to a) claim to have a From address that is not yours, and b) bounce mail through different mail relays with the <user%domain@relay-domain> or <@relay-domain,@other-relay-domain:user@domain> hacks. Unfortunately your backup MXs can still accept the mail before it gets rejected by your mail machine, but it shouldn't be too tricky for them to stop accepting mail for *@somedomain addressed to you with the same app. level filtering. MAIL FROM:<user@interramp.com> 252 Sorry, we don't accept mail from Interramp due to continued "spamming"
-matthew kaufman matthew@scruz.net
Martin -- Martin Cooper <mjc@cooper.org.uk>