Short term rate and resources limiting

In November 1975, Jon Postel issued the historic RFC 706 On the Junk Mail Problem. His goal was clearly to warn people about the possibility of Denial of Service generated by Junk Mail. Many people refers to this RFC as being one of the first publications about spam. But this RFC presents two ideas to solve the problem : a distributed database of misbehaving hosts (Hmmmm…. looks like a realtime blacklist…), and the evaluation unwanted message rates !

706 - On the Junk Mail Problem

A Host might make use of such a facility by measuring, per source,
the number of undesired messages per unit time, if this measure
exceeds a threshold then the Host could issue the "refuse messages
from Host X" message to the IMP.

Jon Postel not only devised the problem, but also proposed solutions, which seemed to be completely ignored.

As long as the author knows, ze-filter was the first filter to implement (June 2002) the idea of measuring rates by mail filters, and limiting resources granted to SMTP clients, based on their consumption and behaviour. This idea was implemented, almost in the same time, by Claus Assmann on sendmail X (which was renamed later MeTA1). Connection rate and simultaneous open connections limiting per IP address by sendmail 8 is a contribution done by the author.

ze-filter evaluate some “resource” rates on a 10 minutes sliding time window - this is the “Short Term Rate Control” - the filter administrator can set limits based on some parameters :

• Connection Rate
• Message Rate
• Recipient Rate

Other limits can be sets to some simultaneous parameters :

• Simultaneous open connections
• Messages in the same connection
• Recipients in the same message

ConnRate:10.3.3.3       0
ConnOpen:10.3.3.3       0
RcptRate:10.3.3.3       0
MaxRcpt:10.3.3.3        0
MsgRate:10.3.3.3        0
MaxMsgs:10.3.3.3        0

CHECK_CONN_RATE                YES
MAX_CONN_RATE                   15

database default values

ConnRate:DEFAULT                        15
ConnRate:127.0.0.1                      1000
ConnRate:LOCAL                          300
ConnRate:DOMAIN                         100
ConnRate:FRIEND                         30
ConnRate:dnsbl                          3

CHECK_OPEN_CONNECTIONS             YES
MAX_CONN_OPEN                      10

database default values

ConnOpen:DEFAULT                        10
ConnOpen:127.0.0.1                      30
ConnOpen:LOCAL                          15
ConnOpen:DOMAIN                         15
ConnOpen:FRIEND                         10
ConnOpen:dnsbl   			 2

CHECK_MSG_RATE                     YES
MAX_MSG_RATE                       100

database default values

MsgRate:DEFAULT                        15
MsgRate:127.0.0.1                      1000
MsgRate:LOCAL                          300
MsgRate:DOMAIN                         100
MsgRate:FRIEND                         30
MsgRate:dnsbl                           3

CHECK_RCPT_RATE                    NO
MAX_RCPT_RATE                      100

database default values

RcptRate:DEFAULT                        300
RcptRate:127.0.0.1                      1000
RcptRate:LOCAL                          1000
RcptRate:DOMAIN                         1000
RcptRate:FRIEND                         300

CHECK_NB_RCPT                      YES
MAX_RCPT                           200

database default values

MaxRcpt:DEFAULT                        100
MaxRcpt:127.0.0.1                      300
MaxRcpt:LOCAL                          300
MaxRcpt:DOMAIN                         250
MaxRcpt:FRIEND                         250
MaxRcpt:dnsbl                           10

CHECK_NB_MSGS                      YES
MAX_MSGS                           100

database - default values

MaxMsgs:DEFAULT                        10
MaxMsgs:127.0.0.1                      50
MaxMsgs:LOCAL                          50
MaxMsgs:DOMAIN                         30
MaxMsgs:FRIEND                         20
MaxMsgs:dnsbl                           1