                ꥽	

------------------------------------------------------------
1	¤ä뤳
1.1	̤ͣΥСξ¿
1.2	᡼륵
1.3	᡼̤Υޥɿξ
1.4	ȥեå

2	Mail Traffic Information
2.1	How to
2.2	Traffic Monitor
2.3	Mail Traffic Information
2.4	᡼ (MAIL BOMBING) Ƚɾؿ
2.5	ɾؿ
2.6	MTIѿ
2.7	ȥեåκ
2.8	¾
2.9	եʤ
2.10	ޥؿȥϥåǡ
2.11	perl 5 tie 
2.12	ٹ negative cache
2.13	DB type

3	ʥ
3.1	ƥ᡼Υ
3.2	̤ͣΥС(ưϿλ)
3.3	HOOK:Կۤ᡼Ѵ
3.4	$START_HOOK ǣ̥ͣСοͿ¤򤹤
------------------------------------------------------------


1	¤ä뤳

1.1	̤ͣΥСξ¿
See also: 3.2 

ǥեȤ̵¤Ǥ $MAX_MEMBER_LIMIT Ǿ¤ꤷޤ

1.2	᡼륵

/ޥɥ᡼鷺Ϥǡ礭åޤ
ǥեȤ̵¡$INCOMING_MAIL_SIZE_LIMIT Ǿ¤򤭤ޤ

1.3	᡼̤Υޥɿξ
See also: $MAXNUM_COMMAND_INPUT 

$MAXNUM_COMMAND_INPUT

1.4	ȥեå
See also: 2 

쵤˥᡼äƤͤΥ᡼ϵݤޤ
浡̾ MTI (Mail Traffic Information)ȸƤФƤޤ
εͭˤˤ

	$USE_MTI = 1; (default 0)

    makefml config
    ᥤ˥  ƥ  USE_MTI

2	Mail Traffic Information

fmlϥ᡼ȥեåδƻ򤷡СȾ֤ˤʤä᡼ε
򤹤ʤɤν򤷤ޤޤޤʥȥ졼ɥդޤǥե
ȤϡֻȤʤ׾֤ˤʤäƤޤεǽONˤƤ
侩Ƥޤ

2.1	How to

ƤäȤФ䤤ޥǽˤäƤ

	$MTI_BURST_SOFT_LIMIT
	$MTI_BURST_HARD_LIMIT

ο򾮤ȡʤΥ᡼ǤƤȤߤʤ褦ˤʤޤ
ǥեȤο 1 ٤ǤλϽٽ椷ƥ᡼뤬뤫
ݤ٤ܰ¤ˤʤäƤޤ

2.2	Traffic Monitor

ȥեåΥ˥(ؽỤ̤̄Ȥ:)äɬפȤϻפޤ
󡣤ȥեå˥뤳Ȥǥ᡼(mail bombing)μư
ФؤαѤʤɤͤȻפޤʤѤȤƥ᡼Υ롼
ʤɤ⸡ФǤǤ礦

Bombing åľŪ˹ͤȡ֥ȥեå쵤礭
ʤª뤳ȡפǤǤUUCP륢åIPʤ
ίä᡼쵤ݤФɬפΤͥåȥФƤ䡢
ͥåȥ顼Τίä᡼뤬쵤ʤɤ쵤˥᡼
뤬뤿ᡢ᡼ʤΤȤ᡼ƤʤΤ̤Ĥʤ
ʤɤ꤬ޤǤ⤽Ϥ٤Ϥ礦ʤΤǡUUCPͥ
ȥ顼ʤɤóݤƤޤǽиξǻȤɬפ


ŤξǤְտŪʥåưФǤ뤫פϤɤ 
fake 줿᡼뤬 FML ˤĤäޤ뤫˰¸ޤSMTPǧ
ǽϤʤǡIP Spoofing ǽǤ fml.pl ư줿
ʳ fake ͭޤ

2.3	Mail Traffic Information

MTI (Mail Traffic Information) FML¢Υ᡼ȥեå˥
ƥǤMTI From: Return-Path: Sender: ʤɤ address ۥȾ
 KEY ˤƥ᡼뤬FMLư֤䤢ۥȤ̲֤ cache 
ޤξѤ MAIL BOMB ATTACK δƻ뤬ǤϤǤ
ҤͳˤꡢޤɾؿõΤѤǤ

2.4	᡼ (MAIL BOMBING) Ƚɾؿ

: ʲɽǤʤΤ TeX 꺮ƽ񤯡

᡼ϻּ˱ä fml.pl ư롣λˤĤƹͤ롣
᡼ (m_i) ƤFMLư֤ t_i ȤΥ᡼
إå Date:  d_i Ȥ롣 i ñʤ륤ǥåFMLư
(ΤˤFMLưƤ˥åϤºݤ˽줿
ˤʤ뤬)Ȥ褦

MTI Ǥ cache Ȥ 줾Υ᡼ t_i  d_i Фˤƥå
Ƥ롣m_i  From: Sender: ʤɤΥɥ쥹 KEY ˤƥ㥷夷
롣ʤ($MTI_EXPIRE_UNIT)в t_i ξϥå夫
ΤƤ롣

MTIΥǥեȤɾؿǤ

	 1 / | t_i - t_j +  | 

ͤɾ롣  ȯɤΤΤǤ롣t_i - t_j 
FMLưֺ顢¿Υ᡼뤬դϢ³Ƶư
ˤϾͤȤ롣տˤ¤ΤFMLϢ³Ƶư
礭ͤȤ뤳Ȥˤʤ롣ͤ(threshold)ۤ
 BOMBING Ȥߤʤ

 threshold ˤ 0.2 ʤɤͤꤹ롣οϤʤ
̯ǤϤäȤˤϺʤ㤨

		i=N
	E{t} =	 1 / | t_i - t_j +  | >  1/M  N/M
		i=1

	| t_i - t_j +  | < M

ȸѤ M = 10, N = 5 Ǥ N/M  0.2 Ȥʤ롣Ĥޤ 0.2 
10٤ûֳ֤᡼뤬5Ϣ³褿᡼ƤݤȽ
ͤȤߤʤ롣

餫 ΥͥåȥΥ顼UUCPDIPʤɾ
³Ƥʤ褦ʥͥåȥ᡼뤬ǡξ
 queue ίä᡼뤬쵤Ƥ뤳Ȥ롣ξ
ǤϤ BOMBING ȤߤʤƤޤ

Τ᡼إå Date: եɤ d_i ѤƱͤȽ
Ȥͤ롣Ĥޤ

	E{d} =	 1 / | d_i - d_j +  |

ͤ뤳Ȥˤ褦

̤˥᡼񤤤 queue ί쵤Фͤ Date: 
ʤӤͤȤΤ E{t} ͤ礭Ƥ E{d} 
ͤ礭ϤʤʤϤǤ롣줬ޤȽꤵ褦 
threshold 򤦤ޤǤɬפ롣

E{d} Ǥ⡢㤨ФMUAäƱ Date: Ʊ Message-Id ʣ᡼
ФƤޤȤȡλ d_i - d_j  0E{d} >> 1 ˤʤä
ޤ֤ǥ᡼ƤȽꤷƤޤΤºݤΥɤ
ȯɤ  ƳΤǤϤʤ

	 1 / ( | d_i - d_j | < 3 ? 3 : | d_i - d_j | )

Τ褦¤äƤ롣

2.5	ɾؿ

ǤϥǥեȤɾؿˤĤƲ⤹롣ܤỲȡ
 E{t} E{d} ϾҤη׻Ƿ׻ΤȤ롣

	E{t}	fml.pl ưκεտ­
	E{d}	᡼إå Date: κεտ­

׻롣ȽϰʲΤ褦˹Ԥʤ

1	soft limit

	᡼Ф縵ǰդ˽Ф E{d} ̤礭
	E{d} < E{t} ϥͥåȥ顼UUCPβǽ

2	hard limit

	 1  Date:  fake ƤΩʤ
	Τ E{d} E{t} ɤ餫 threshold ۤ
	ʳξ鷺 bomb Ȥߤʤ

3 	">" (greater than) 

	">" (greater than) ϤϰϤ greater than 
	Ǥ٤

	if ( E{d} > E{t} ) {
		if ( E{d} > $MTI_BURST_SOFT_LIMIT) {
			᡼Ƥ˰㤤ʤ
		} 
	}
	else {  # e.g.  1 Ωʤ褦 fake 줿

		if ( E{t} > $MTI_BURST_HARD_LIMIT ) {
			᡼Ƥ˰㤤ʤ
		}
		if ( E{d} > $MTI_BURST_HARD_LIMIT ) {
			᡼Ƥ˰㤤ʤ
		}
	}

2.6	MTIѿ

	$USE_MTI

MTI ǽ ON ˤ롣 enable ʤȰʲεǽƺưʤ

	$USE_MTI_TEST (١ƥȤδ֤¸)

BOMBING ȽꤷƤݤ¥ƥȤδ֤Ϥѿ򤤤ʤ
ƤMTIȽǤ˻ĤäƤǤ١ƥȤä餳
ѿϤʤʤꡢưŪƤ褦ѹޤ

	$MTI_BURST_SOFT_LIMIT
	$MTI_BURST_HARD_LIMIT

ǥեȤɾؿΥѥ᡼()

	$MTI_BURST_MINIMUM

¤ $MTI_BURST_MINIMUM ʲͤ $MTI_BURST_MINIMUM ط
ǥեȤ3 (3)

	$MTI_COST_EVAL_FUNCTION

ʬǥޥɾؿƤӽФʤ餳ѿ˴ؿ̾򥻥åȤ
롣

	$MTI_COST_EVAL_HOOK

HOOK

2.7	ȥեåκ

MTIΤޤεǽȤɾؿ  1 ȼññ̻դε
ˤʤ롣ɾLIMITۤ reject 롣
ñ̻֤ $MTI_EXPIRE_UNIT (default 3600 sec.) Ǥ롣

	$MTI_DISTRIBUTE_TRAFFIC_MAX

֤ƿκ͡

	$MTI_COMMAND_TRAFFIC_MAX

֤Υޥɥ᡼κ͡줾ˤĤΩǤ롣

2.8	¾

	$MTI_EXPIRE_UNIT

cache life time.

	$MTI_APPEND_TO_REJECT_ADDR_LIST

bomber Ƚꤵ줿ɥ쥹 $REJECT_ADDR_LIST ($DIR/spamlist) ˤ
뤫ݤǥեȤ NO ȤΤɬ From: Υɥ쥹
ǤϤʤΤ $REJECT_ADDR_LIST 뤳Ȥ˰̣뤫ɤ
Τᡣ

2.9	եʤ

	$MTI_DB
	$MTI_HI_DB

	$MTI_DIST_DB
	$MTI_HI_DIST_DB
	$MTI_HI_COMMAND_DB
	$MTI_COMMAND_DB

cache files.

	$MTI_MAIL_FROM_HINT_LIST

$DIR/mti_mailfrom.hint ȤեMTIΥҥȤȤƻĤ
ɤȤϤޤ̤ꡣ㤨Ф sendmail  check_mail Υǡ
ȤϤʤɤαѤͤ롣

2.10	ޥؿȥϥåǡ

١ƥȤʤΤǡǻͤѤ뤫⤷ʤ:)

    $fp = $MTI_COST_EVAL_FUNCTION || 'MTISimpleBomberP';
    &$fp(*e, *MTI, *HI, *addrinfo, *hostinfo);

	%Envelope	Envelope
	%MTI		ɥ쥹Ȼ
	%HI		ۥȤȻ
	%addrinfo	褿᡼ΥإåϤ address 
	%hostinfo	Received: ФۥȤ̲
			ǤɾؿǻȤäƤʤ;D

2.11	perl 5 tie 

	$MTI_TIE_TYPE

$MTI_TIE_TYPE  DB_File ʤɤ perl 5  tie 
Ȥä hash ؤΥХǥ󥰤Ԥʤ
perl 4 ǤϻȤʤ(:-) 
ȤOS˰¸롣Ƽޥ˥奢򻲹ͤˤƤ
e.g. DB_File, NDBM_File, ...

2.12	ٹ negative cache

֤ˣ٤ٹ᡼ԤΤʤmail bombΤ줾
᡼Ф줾ٹ᡼ФȼʬǼʬ⤷ƤޤȤ
ʤäƤޤ

2.13	DB type

	$MTI_TIE_TYPE

$MTI_TIE_TYPE  DB_File ʤɤ perl 5  tie Ȥä hash 
ؤΥХǥ󥰤Ԥʤperl 4 ǤϻȤʤ(:-) Ȥ
OS˰¸롣Ƽޥ˥奢򻲹ͤe.g. DB_File, NDBM_File, ...

3	ʥ

3.1	ƥ᡼Υ

ޤ礭᡼Ƥ⥵ФСüǤ٤⤯ʤ
Ǥ̥ͣСȤڤΤƤޤޥɡƤ
åޤǥեȤ¤ʤǡ byte ñ̤

		$INCOMING_MAIL_SIZE_LIMIT

ǻꤷޤʤ0̵̣ޤ(ǥե)

		$NOTIFY_MAIL_SIZE_OVERFLOW (default 1)

ꤵƤ fml ݤݤ᡼֤ޤ
иŪˤΤ餻ʤȲ٤礭᡼äƤΤ
ǤǤ

message/partial ϤФФˤƤʬιפΥꤷ
Ƥͤ $INCOMING_MAIL_SIZE_LIMIT Ӥޤ
(Ǹΰ̤ˤǽϤ)

		$ANNOUNCE_MAIL_SIZE_OVERFLOW (default 0)

 1 ȡ̤ͣˡ֤Ǥä᡼̤ͣꤲͤפȤ
餷Τˤ:)ܿͤ˷ٹ𤹤нʬȤ⤦

3.2	̤ͣΥС(ưϿλ)

	$MAX_MEMBER_LIMIT

ǥСκ¤롣ǧڤСΥꥹȤǤϤʤ
ꥹȤåƤޤäȤ⼫ưϿλϤۤȤƱȤǤ

3.3	HOOK:Կۤ᡼Ѵ

We discard mail with over 1000 lines. Today please use
$INCOMING_MAIL_SIZE_LIMIT for incoming mail size upper limit.
See also: 3.1 

$START_HOOK = q#
    if ($Envelope{'nlines'} > 1000) {
	&Warn("Discarded on the behalf of too Large Mail", &WholeMail);	
	$DO_NOTHING = 1;
    }
#;

3.4	$START_HOOK ǣ̥ͣСοͿ¤򤹤

ե $LIMIT_OVER_FILE ˤʤʸϤ񤤤Ƥ
Ref: START_HOOK => hooks 3.1

$START_HOOK = q%;

$MAX_MEMBER = 100;

$LIMIT_OVER_FILE = "$DIR/limit.over"; 

sub WC
{
    local($f) = @_;
    local($lines) = 0;

    open(TMP, $f) || return 0;
    while (<TMP>) { 
	next if /^\#/;
        $lines++;
    }
    close(TMP);

    $lines;
}

if (&WC($ACTIVE_LIST) > $MAX_MEMBER) {
    &SendFile($From_address, 
	      "Sorry, the mailing list member exceeds the limit $ML_FN", 
	      $LIMIT_OVER_FILE);
    $DO_NOTHING = 1;
}

%;


		INDEX

$ANNOUNCE_MAIL_SIZE_OVERFLOW               ...   3.1 
$INCOMING_MAIL_SIZE_LIMIT                  ...   3.1 
$MAX_MEMBER_LIMIT                          ...   3.2 
$MTI_APPEND_TO_REJECT_ADDR_LIST            ...   2.8 
$MTI_BURST_HARD_LIMIT                      ...   2.5 
$MTI_BURST_MINIMUM                         ...   2.6 
$MTI_BURST_SOFT_LIMIT                      ...   2.5 
$MTI_COMMAND_DB                            ...   2.9 
$MTI_COMMAND_TRAFFIC_MAX                   ...   2.7 
$MTI_COST_EVAL_FUNCTION                    ...   2.6 
$MTI_COST_EVAL_HOOK                        ...   2.6 
$MTI_DB                                    ...   2.9 
$MTI_DIST_DB                               ...   2.9 
$MTI_DISTRIBUTE_TRAFFIC_MAX                ...   2.7 
$MTI_EXPIRE_UNIT                           ...   2.4 2.8 
$MTI_HI_COMMAND_DB                         ...   2.9 
$MTI_HI_DB                                 ...   2.9 
$MTI_HI_DIST_DB                            ...   2.9 
$MTI_MAIL_FROM_HINT_LIST                   ...   2.9 
$MTI_TIE_TYPE                              ...   2.11 
$NOTIFY_MAIL_SIZE_OVERFLOW                 ...   3.1 
$START_HOOK                                ...   3.3 3.4 
