I've begun testing a Courier filter that implements dial-back address authentication, and I'd like to offer it for testing and discussion. It can be found here:
http://phantom.dragonsdawn.net/~gordon/courier-patches/courier- pythonfilter/
[...]
I'd like to run this on a couple of servers and see if it does any good at all. Some of the most abused servers will give a positive response to any address they're asked about (with either VRFY or RCPT commands).
I'd love to help test this, but I don't use Courier's SMTP service. (I use Postfix instead I'm afraid.) But I'm glad to see filters being written anyway. =)
However, I do wonder about it's usefulness. This is meant as an anti-spam measure, right?
Wouldn't most addresses (even spammer ones) be valid at the host they *claim* to be from? -- Either they set up a valid address long enough to send out the mails, or they don't care about direct replies and they can hijack an address (not the account itself, but just *use* the address in headers and SMTP commands) from some other domain ... *any* address from *any* domain ... Yes?
Of course, that's not to say they all do use valid addresses, which might mean you could catch some. But it's certainly not going to be a very effective measure (at least I don't see how anyway) once they learn that it's being used (and give *any* thought at all as to circumventing it).
Or maybe I just don't understand exactly what you're doing. That's always possible too. :-)
Are there any services that will give different responses to those two commands?
Anyway, as for RCPT vs. VRFY responses... You know some servers reject VRFY out of hand to cut down on address harvesting, right? (It can't stop it of course, but it helps somewhat so long as harvesters prefer using the VRFY command.) So those servers will obviously give differing responses to RCPT than to VRFY.
-jab
------------------------------------------------------- This SF.Net email sponsored by: Parasoft Error proof Web apps, automate testing & more. Download & eval WebKing and get a free book. www.parasoft.com/bulletproofapps1 _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
