[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Anti-DoS prevention [was Re: Comments on minion-spec.txt]

On Fri, 2003-05-16 at 13:16, Steve Crook wrote:
> I can appreciate the benefits of MMTP over SMTP as a delivery method, but are 
> the defences it provides up to the challenge of a frequently unfriendly user 
> community?

In two words: not yet, but this is a really interesting issue. :)

In the future (post 0.0.4, maybe some for 0.0.5), we'll have filtering
incoming MMTP by incoming IP address, pushing back on message delivery
when our disk is full, and more sophisticated behavior about dropping
undeliverable messages when we're under heavy load.

Final delivery goes through SMTP, so *there* you can use whatever
filtering techniques you already have.  We have a pretty nice set of
exit-address filtering features now, but they can get better as needed.

So, I put your question back to you, and to the list: *are* these
defenses up to the challenge?  What *other* filtering and MTA features
do current remops use to prevent abuse and DoS?  We should definitely
draw on the experiences of today's operator community, and not enter the
arms race undermatched.


Attachment: signature.asc
Description: This is a digitally signed message part