Short term rate and resources limiting

In November 1975, Jon Postel issued the historic RFC 706 On the Junk Mail Problem. His goal was clearly to warn people about the possibility of Denial of Service generated by Junk Mail. Many people refers to this RFC as being one of the first publications about spam. But this RFC presents two ideas to solve the problem : a distributed database of misbehaving hosts (Hmmmm…. looks like a realtime blacklist…), and the evaluation unwanted message rates !

706 - On the Junk Mail Problem
A Host might make use of such a facility by measuring, per source,
the number of undesired messages per unit time, if this measure
exceeds a threshold then the Host could issue the "refuse messages
from Host X" message to the IMP.

Jon Postel not only devised the problem, but also proposed solutions, which seemed to be completely ignored.

As long as the author knows, ze-filter was the first filter to implement (June 2002) the idea of measuring rates by mail filters, and limiting resources granted to SMTP clients, based on their consumption and behaviour. This idea was implemented, almost in the same time, by Claus Assmann on sendmail X (which was renamed later MeTA1). Connection rate and simultaneous open connections limiting per IP address by sendmail 8 is a contribution done by the author.

If you're aware of any mail filter or MTA which integrated these features before ze-filter and sendmail X/MeTA1, please let me know, so I can mention it here.

ze-filter evaluate some “resource” rates on a 10 minutes sliding time window - this is the “Short Term Rate Control” - the filter administrator can set limits based on some parameters :

  • Connection Rate
  • Message Rate
  • Recipient Rate

Other limits can be sets to some simultaneous parameters :

  • Simultaneous open connections
  • Messages in the same connection
  • Recipients in the same message
  • These limits are set to ALL sources : well and bad behaving SMTP clients.
  • The filter administrator can assign different limits to different sources or different network classes.
If you want to disable limits to some addresses/networks, it's enough to set the limit to 0. E.g. :
ConnRate:10.3.3.3       0
ConnOpen:10.3.3.3       0
RcptRate:10.3.3.3       0
MaxRcpt:10.3.3.3        0
MsgRate:10.3.3.3        0
MaxMsgs:10.3.3.3        0

Connection Rate

CHECK_CONN_RATE                YES
MAX_CONN_RATE                   15
database default values
ConnRate:DEFAULT                        15
ConnRate:127.0.0.1                      1000
ConnRate:LOCAL                          300
ConnRate:DOMAIN                         100
ConnRate:FRIEND                         30
ConnRate:dnsbl                          3

Simultaneous Open Connections

CHECK_OPEN_CONNECTIONS             YES
MAX_CONN_OPEN                      10
database default values
ConnOpen:DEFAULT                        10
ConnOpen:127.0.0.1                      30
ConnOpen:LOCAL                          15
ConnOpen:DOMAIN                         15
ConnOpen:FRIEND                         10
ConnOpen:dnsbl   			 2

Message Rate

CHECK_MSG_RATE                     YES
MAX_MSG_RATE                       100
database default values
MsgRate:DEFAULT                        15
MsgRate:127.0.0.1                      1000
MsgRate:LOCAL                          300
MsgRate:DOMAIN                         100
MsgRate:FRIEND                         30
MsgRate:dnsbl                           3

Recipient Rate

CHECK_RCPT_RATE                    NO
MAX_RCPT_RATE                      100
database default values
RcptRate:DEFAULT                        300
RcptRate:127.0.0.1                      1000
RcptRate:LOCAL                          1000
RcptRate:DOMAIN                         1000
RcptRate:FRIEND                         300

Recipient count per message

CHECK_NB_RCPT                      YES
MAX_RCPT                           200
database default values
MaxRcpt:DEFAULT                        100
MaxRcpt:127.0.0.1                      300
MaxRcpt:LOCAL                          300
MaxRcpt:DOMAIN                         250
MaxRcpt:FRIEND                         250
MaxRcpt:dnsbl                           10

Messages per connection

CHECK_NB_MSGS                      YES
MAX_MSGS                           100
database - default values
MaxMsgs:DEFAULT                        10
MaxMsgs:127.0.0.1                      50
MaxMsgs:LOCAL                          50
MaxMsgs:DOMAIN                         30
MaxMsgs:FRIEND                         20
MaxMsgs:dnsbl                           1
doc/spam/short_term_rate.txt · Last modified: 2018/02/09 16:59 (external edit)
CC Attribution-Noncommercial-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0