TLim:
Transaction Limiter
-by Jason Storm (jms@tlim.net)
TLim is a modification to sendmail that keeps track of how many transactions
take place from a specific IP, and sanctions IPs that perform more than a
specified number of transactions in a specified period of time via a null
route entry (this is simply the default action of the shell script provided;
customize at will).
This is implemented specifically to discourage outbound SPAM from, say, a
dialup pool of clients, and to sanction remote hosts that attempt to send
email to non-existent accounts.
Due to the obvious potential for remote abuse, the latter is optional.
Specific IPs can be made exempt from TLim sanctions.
The TLim.README:
What is TLim?
------------
A modification to the Sendmail daemon that limits the number of transactions
any given IP can complete over a specified period of time.
What does it do?
---------------
When an IP violates our designated limits, a shell script is invoked. The
script provided will simply route traffic from the remote IP to 127.0.0.1.
Removing the null route entry can be automated by altering
/etc/mail/mailblock, a shell script created during installation.
Can I have TLim just drop IPs into the access.db database?
----------------------------------------------------------
This simply isn't effective against an inbound attack; the remote
server will still be able to deplete resources by exhausting the
number of allowed sendmail instances.
That said, it is trivial to alter the invoked shell script to
perform such deeds, if it suits your particular situation.
What transactions does it limit?
-------------------------------
TLim monitors two functions in sendmail's source code: the function which
indicates that a remote transaction was successful, and the function which is
used to indicate that the user's address does not exist. The first TLim function
is used to prevent outbound spam from your users. The second TLim function
is designed to prevent inbound attacks where malicious users are bouncing
random emails to domains your machine provides MX for.
WARNING: THE SECOND TLIM FUNCTION CAN BE ABUSED REMOTELY TO DENY LEGITIMATE INBOUND TRAFFIC:
Say you routinely receive emails from family and friends at
example.com, a dial-up ISP. A person of poor moral fiber could sign up
for an account at example.com, and use their SMTP server to spam you.
TLim would then block the very server your legitimate traffic comes from.
To address this, you can add IPs to /etc/mail/tlim.exempt. TLim will not
sanction IPs found in that file.
Altering /etc/mail/mailblock to purge null routes after a specified period
of time can also lessen the potential impact of user error and abuse.
If this strikes you as a potentially crippling point of failure, simply leave
the 550 error hook disabled during configuration. Remember however, that
being denied 10% of your legit traffic by someone abusing TLim remotely
is often preferable to losing 100% of your traffic through resource depletion.
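As an added illustration of the counting and exemption logic described above (example code written for this page, not TLim's own sendmail patch), the following C sketch keeps a per-IP count for each of the two hooks over a fixed time window, skips IPs listed in a stand-in for /etc/mail/tlim.exempt, and reports the moment an IP first crosses its limit, which is the point where TLim would invoke /etc/mail/mailblock. The window length, the per-hook limits, the HOOK_* names and the exempt addresses are assumed sample values.

```c
#include <string.h>

#define MAX_IPS  256
#define WINDOW   600   /* seconds per counting window (assumed value) */
#define HOOK_OK  0     /* hook 1: a transaction completed successfully */
#define HOOK_550 1     /* hook 2: recipient does not exist (550 reply) */
static const int limit[2] = { 100, 20 };  /* per-window limit per hook (assumed) */

struct ip_entry { char ip[16]; long window_start; int count[2]; };
static struct ip_entry table[MAX_IPS];
static int n_entries;
/* Stand-in for /etc/mail/tlim.exempt (constructed sample list). */
static const char *exempt_ips[] = { "127.0.0.1", "192.0.2.10" };

static int is_exempt(const char *ip)
{
    size_t i;
    for (i = 0; i < sizeof exempt_ips / sizeof exempt_ips[0]; i++)
        if (strcmp(ip, exempt_ips[i]) == 0) return 1;
    return 0;
}

/* Find or create the entry for ip; counts restart once the fixed window expires. */
static struct ip_entry *lookup(const char *ip, long now)
{
    int i;
    for (i = 0; i < n_entries; i++) {
        if (strcmp(table[i].ip, ip) != 0) continue;
        if (now - table[i].window_start >= WINDOW) {
            table[i].window_start = now;
            table[i].count[0] = table[i].count[1] = 0;
        }
        return &table[i];
    }
    if (n_entries == MAX_IPS) return NULL;  /* table full: fail open, do not limit */
    memset(&table[n_entries], 0, sizeof table[0]);
    strncpy(table[n_entries].ip, ip, sizeof table[0].ip - 1);
    table[n_entries].window_start = now;
    return &table[n_entries++];
}

/* Record one event; returns 1 only when ip first exceeds the hook's limit in the window. */
int tlim_record(const char *ip, int hook, long now)
{
    struct ip_entry *e;
    if (is_exempt(ip) || (e = lookup(ip, now)) == NULL) return 0;
    e->count[hook]++;
    return e->count[hook] == limit[hook] + 1;  /* fire once: where the sanction script would run */
}
```

Because the count is reset only when a window expires, an IP that was sanctioned keeps accumulating in the same window without firing again, so the script runs once per offending window rather than on every further message.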
What operating systems has it been tested on?
--------------------------------------------
Linux 2.2, Linux 2.4, FreeBSD 4.2.
Please forward your results on different OSes to: tlim@tlim.net.
What versions of Sendmail are supported?
---------------------------------------
sendmail 8.12.2 is the latest version at the time of this release.
Porting this in either direction is trivial, and detailed instructions
for doing so will eventually be included in this package.
Where can I report bugs and such?
--------------------------------
bugs@tlim.net