Re: Anonymous Qmail Denial of Service

From: Antonomasia (antat_private)
Date: Thu Jan 07 1999 - 13:43:34 PST


    Dan Bernstein writes on BUGTRAQ:
    
    >    There are lots of interesting remote denial-of-service attacks on any
    >    mail system. A long-term solution is to insist on prepayment for
    >    unauthorized resource use. The tricky technical problem is to make
    >    the prepayment enforcement mechanism cheaper than the expected cost
    >    of the attacks.
    
        Hashcash addresses this tricky technical problem.
    
        http://www.dcs.ex.ac.uk/~aba/hashcash
        http://www.notatla.demon.co.uk/SOFTWARE/software.html
    
        Hashcash was envisaged as an aid to spam filtering, but I have
        put hooks for it in the program described below to limit
        anonymous DoS attacks.
    
    > On the bright side, mailers are _not_ permitted to discard messages for
    > frivolous reasons such as full disks. They have to report the problem to
    > the sender, so that the sender can keep the message and try again later.
    
    
    Angel, my (non-SMTP) MTA with crypto, relies on positive confirmation that
    a message _was_ delivered correctly.
    
    Retries are carried out at intervals until the maximum number of retries
    is reached. (Note: number of tries, not timeout.  It makes a difference
    on machines that are sometimes switched off.)
    
    When the retry limit is reached a new delivery mechanism can be tried
    instead (as defined in a config file), or the message can be silently
    dropped.  This approach is adopted because the MTA is mainly intended for
    anonymous mail so bounces to sender are impossible.
    
    There are no set[ug]id programs involved.  One (or more) writable directories
    are used for posting outgoing mail because local attacks are out of the
    intended scope.   At additional processing cost you could have a different
    posting directory per user.
    
     Um, almost forgot - contains cryptographic code by Eric Young and Tim Hudson.
    
    --
    ##############################################################
    # Antonomasia   antat_private                      #
    # See http://www.notatla.demon.co.uk/                        #
    ##############################################################
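
An added example, not part of the original post and not code from hashcash or Angel: a simplified hashcash-style proof of work showing the cost asymmetry the quoted paragraph asks for, where the sender pays about 2^bits hashes and the receiver checks with one. The `resource:counter` stamp layout, the SHA-1 leading-zero-bits target, and all names are assumptions for illustration, not the real hashcash stamp format.

```python
import hashlib
from itertools import count

def leading_zero_bits(digest: bytes) -> int:
    """Count zero bits at the front of a digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits

def mint(resource: str, bits: int) -> tuple[str, int]:
    """Sender side: brute-force a counter. Returns (stamp, hashes tried)."""
    for n in count():
        stamp = f"{resource}:{n}"
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp, n + 1

class Verifier:
    """Receiver side: one hash per check, plus a spent-stamp set."""
    def __init__(self, resource: str, bits: int):
        self.resource, self.bits, self.spent = resource, bits, set()

    def accept(self, stamp: str) -> bool:
        resource, _, counter = stamp.rpartition(":")
        # A stamp minted for another recipient is worthless here.
        if resource != self.resource or not counter.isdigit():
            return False
        # Replay check: work already spent cannot pay for a second message.
        if stamp in self.spent:
            return False
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) < self.bits:
            return False
        self.spent.add(stamp)
        return True

if __name__ == "__main__":
    # Constructed sample recipient; 12 bits costs about 4096 hashes on average.
    stamp, tried = mint("drop@example.invalid", 12)
    v = Verifier("drop@example.invalid", 12)
    print(stamp, "minted after", tried, "hashes")
    print("first use:", v.accept(stamp), "replay:", v.accept(stamp))
```

The spent-stamp set grows without bound in this form; a deployed verifier would need some way to expire old entries.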
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:28:03 PDT