Great Circle Associates List-Managers
(May 1998)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: RE: Prevalence of mailing-list bombing
From: "Andy Finkenstadt" <andyf @ simutronics . com>
Date: Wed, 29 Apr 1998 23:33:02 -0500
To: <list-managers @ GreatCircle . COM>
Importance: Normal
In-reply-to: <6571 . 893886140 @ monkeys . com>

Well geez,  I'm sorry I even asked the question.  Many thanks to Chuq and
others who commented on what the true solutions were, which I had already
suspected.

The bottom line is, until mailing list software writers and mailing list
administrators configure their lists to always require confirmation from the
desired recipient, there's no practical way for an innocent victim to
prevent their personal or business e-mail address from being bombed with a
denial of service attack of this nature.

I wrote a procmail recipe that alleviates nearly all of the problem mail by
dropping into another folder any mail that does not directly address an
address using one of our domains.  Using formail, I can re-process an
attacked mailbox if the problem recurs in the future.

This solution covers most of the needs we had without having to change the
world, or write sophisticated "detect that a mailbox is being bombed in
real-time without human intervention" software.  I'd rather write dwim()
instead, as it would be much easier.

-Andy




Indexed By Date Previous: Re: MajorDomo Header/Footer insertion Web interface script.
From: Bill Houle <Bill . Houle @ SanDiegoCA . NCR . COM>
Next: Re: Prevalence of mailing-list bombing
From: Norbert Bollow <bollow @ math . ethz . ch>
Indexed By Thread Previous: Re: Prevalence of mailing-list bombing
From: "Michael C. Berch" <mcb @ postmodern . com>
Next: Re: Prevalence of mailing-list bombing
From: Norbert Bollow <bollow @ math . ethz . ch>

Google
 
Search Internet Search www.greatcircle.com