North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
- From: Brad Knowles
- Date: Sun Aug 18 15:10:53 2002
At 11:36 PM +0200 2002/08/17, Brad Knowles wrote:
I've been thinking about this a bit more. I think the best way
to implement protection mechanisms for something like this is using a
"milter" plug-in for sendmail. It would get called after the message
has been transmitted by the sending relay, but before your mail
server returns "250 Okay".
You mean, the IP address of the machine contacting you, or the IP
address of the originating machine? If the former, keep in mind
that many providers host a large number of customers, and you could
deny service to a lot of innocent people. If the latter, then you
would be vulnerable to forging.
This milter would do whatever you programmed it to do, but would
be able to check databases, compare times of previous messages from
the same IP address or network, etc.... Once a message passes all
the checks, the milter plug-in would return a code that tells the
sendmail program to accept the message, where the actual work is
performed by another program.
The advantage of milter is that it is inherently multi-threaded,
asynchronous, and capable of using an arbitrary number of off-system
back-end milter servers.
Brad Knowles, <email@example.com>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w---
O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)