
how to fight against mailbombing? (!= Tarpitting) [from qmail list]


Hello,

Many of the solutions I got from the Qmail list are patches
against qmail-smtpd. As I'm using the qmail-ldap smtpd,
I guess this would be the best place to talk about it... :)

Claudio/André, what do you think about the concept of the
http://spamthrottle.qmail.ca/ patch? (somebody asked that in
May this year on the qmail-ldap list, but there was no feedback)

Cheers,
Olivier

-------- Forwarded Message --------
From: Olivier Mueller <om-lists-qmail@xxxxxx>
To: qmail@xxxxxxxxxxxxx
Subject: how to fight against mailbombing? (!= Tarpitting)
Date: Mon, 13 Sep 2004 17:25:32 +0200
Hello, bonsoir,

Last night I had to rescue an attacked qmail server: somebody opened
a few smtp slots, and sent about 15'000 mails to 'dictionary-generated'
addresses (aaa@xxxxxxxxxxx, aab@xxxxxxxxxxx, abc@xxxxxxxxxxx, ...)
all to a target domain hosted on the server.

With a 'vanilla-qmail' system, everything would have been bounced
quickly. But that system used an antivirus system (qmail-scanner in
this case), and of course the load climbed very high.  We had to
stop everything and delete the mailbomb mails with qmail-remote. 

I'm looking for a way to prevent such attacks... Tarpitting was
active on the server and didn't help because the script kiddie
generated 15'000 _different_ messages, not one mail with 15'000
RCPT TO:...

Isn't there a way to tell qmail-smtpd: "die after 100 mails" ? 
I quickly checked the antispam patches on the qmail homepage
but it doesn't seem to be implemented anywhere... 

What would you suggest? :)
regards,
Olivier

-- 
_______________________________________________________
 Olivier Müller - PGP key ID: 0x0E84D2EA - Switzerland 
    E-Mail: http://omx.ch/mail/ - AIM/iChat: swix3k
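
The "die after 100 mails" limit asked about above, sketched as a policy check that sits in front of the SMTP daemon. This is an added example, not code from the thread, from qmail, or from any qmail patch. The `MailCap` class, the `replay` helper, the per-IP limit, the one-hour window and the sample addresses are assumptions made for illustration. Because the sender opened several SMTP slots and can reconnect, the sketch counts per source address as well as per session.

```python
import time
from collections import defaultdict, deque

class MailCap:
    """Hypothetical front-end policy: cap MAIL FROM commands per session and per IP."""

    def __init__(self, per_session=100, per_ip=300, window=3600):
        self.per_session, self.per_ip, self.window = per_session, per_ip, window
        self.by_ip = defaultdict(deque)  # ip -> timestamps of allowed MAIL FROM

    def new_session(self, ip):
        return {"ip": ip, "count": 0}

    def on_command(self, session, line, now=None):
        """Return None to pass the command on, or a 421 reply meaning 'close now'."""
        if not line.upper().startswith("MAIL FROM:"):
            return None  # only the start of a new message is counted
        now = time.time() if now is None else now
        seen = self.by_ip[session["ip"]]
        while seen and now - seen[0] > self.window:
            seen.popleft()  # forget transactions older than the window
        if session["count"] >= self.per_session:
            return "421 too many messages in this session, closing"
        if len(seen) >= self.per_ip:
            return "421 too many messages from your address, try later"
        session["count"] += 1
        seen.append(now)
        return None

def replay(cap, ip, n_messages, now=0.0):
    """Replay a constructed session; return (messages let through, closing reply)."""
    session = cap.new_session(ip)
    accepted = 0
    for i in range(n_messages):
        for cmd in (f"MAIL FROM:<x{i}@sender.example>",
                    f"RCPT TO:<u{i}@target.example>",
                    "DATA"):
            reply = cap.on_command(session, cmd, now)
            if reply:
                return accepted, reply
        accepted += 1
    return accepted, None

if __name__ == "__main__":
    cap = MailCap(per_session=100, per_ip=250)
    for n in range(3):  # three constructed sessions from one documentation-range IP
        print(replay(cap, "192.0.2.10", 15000))
```

A 421 reply tells a well-behaved relay to retry later, so legitimate bulk senders are delayed rather than lost. The counter runs before any content scanner is invoked, which is where the load came from in the incident described.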




This mailing list archive is a service of Copilot Consulting.