Dan Bernstein writes on BUGTRAQ:

> There are lots of interesting remote denial-of-service attacks on any
> mail system. A long-term solution is to insist on prepayment for
> unauthorized resource use. The tricky technical problem is to make
> the prepayment enforcement mechanism cheaper than the expected cost
> of the attacks.

Hashcash addresses this tricky technical problem.

http://www.dcs.ex.ac.uk/~aba/hashcash
http://www.notatla.demon.co.uk/SOFTWARE/software.html

Hashcash was envisaged as an aid to spam filtering, but I have put hooks
for it in the program described below to limit anonymous DoS attacks.

> On the bright side, mailers are _not_ permitted to discard messages for
> frivolous reasons such as full disks. They have to report the problem to
> the sender, so that the sender can keep the message and try again later.

Angel, my (non-SMTP) MTA with crypto, relies on positive confirmation
that a message _was_ delivered correctly. Retries are carried out at
intervals until the maximum number of retries is reached. (Note: number
of tries, not timeout. It makes a difference on machines that are
sometimes switched off.) When the retry limit is reached a new delivery
mechanism can be tried instead (as defined in a config file), or the
message can be silently dropped.

This approach is adopted because the MTA is mainly intended for
anonymous mail so bounces to sender are impossible.

There are no set[ug]id programs involved. One (or more) writable
directories are used for posting outgoing mail because local attacks
are out of the intended scope. At additional processing cost you could
have a different posting directory per user.

Um, almost forgot - contains cryptographic code by Eric Young and
Tim Hudson.

--
##############################################################
# Antonomasia   antat_private                                #
# See http://www.notatla.demon.co.uk/                        #
##############################################################
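
An added example, not part of the original post and not code from Angel or the hashcash distribution: a hashcash-style stamp check showing the cost asymmetry the quoted passage asks for, where the sender pays about 2**bits hashes and the receiver pays one hash and a set lookup. The stamp layout, the use of SHA-256 and the resource name "angel-post" are assumptions made for this sketch.

```python
import hashlib
import itertools
import os

def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits at the front of a digest."""
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits

def stamp_bits(stamp: str) -> int:
    return leading_zero_bits(hashlib.sha256(stamp.encode()).digest())

def mint(resource: str, bits: int) -> str:
    """Sender: search for a counter; expected cost is about 2**bits hashes."""
    salt = os.urandom(8).hex()  # keeps two senders from minting the same stamp
    for counter in itertools.count():
        stamp = f"{bits}:{resource}:{salt}:{counter:x}"
        if stamp_bits(stamp) >= bits:
            return stamp

class StampChecker:
    """Receiver: one hash and one set lookup per submitted message."""
    def __init__(self, resource: str, min_bits: int):
        self.resource = resource   # must not contain ':' in this format
        self.min_bits = min_bits
        self.spent = set()         # accepted stamps; a real store would expire them

    def accept(self, stamp: str) -> bool:
        parts = stamp.split(":")
        if len(parts) != 4 or parts[1] != self.resource:
            return False           # malformed, or minted for another recipient
        try:
            claimed = int(parts[0])
        except ValueError:
            return False
        if claimed < self.min_bits or stamp in self.spent:
            return False           # too cheap, or a replay
        if stamp_bits(stamp) < claimed:
            return False           # the work was not actually done
        self.spent.add(stamp)
        return True

if __name__ == "__main__":
    checker = StampChecker("angel-post", 16)  # constructed resource name
    s = mint("angel-post", 16)
    print(s, checker.accept(s), checker.accept(s))  # second accept is a replay
```

Each extra bit in `min_bits` doubles the sender's expected work while the receiver's cost per message stays constant.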
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:28:03 PDT