On Monday, Jul 14, 2003, at 19:01 US/Central, Gordon Messmer wrote:...
I have my Postfix install set up to reject all VRFY requests. And it will only give a positive response for RCPT's that it actually believes it can deliver.
Now admittedly, that does leave RCPT open (as you mentioned) as a replacement for VRFY. But with a limit on RCPT's per message (or a tar-pitting patch), I could cut down on that exploit _somewhat_ too, if it becomes a problem -- which it isn't currently.
Placing the same restraints on VRFY would have the same beneficial effects. Giving stupid replies to VRFY and proper replies to RCPT seems silly to me.
Of course, I'm not sure I really see the value of people just universally accepting RCPT's and just turning around and bouncing to a non-existent or deactivated box. It just creates more incoming mails and outgoing bounces... which to me, seems to actually exacerbate the spam problem, rather than helping it.
I agree, but that's the only way to prevent the abuse of RCPT for spam harvesting.
They say that you can't apply a technical solution to a social problem...
Anyway... if you have reports that your filter's approach actually is effective for someone else, then maybe I'm wrong and it is going to be useful.
Here's to slightly less speculation:
$ grep -c 517 PS-replies ; grep -c 421 PS-replies ; wc -l PS-replies
42
37
335 PS-replies
$ grep -c 517 SS-replies ; grep -c 421 SS-replies ; wc -l SS-replies
30
21
332 SS-replies
$ grep -c 517 IN-replies ; grep -c 421 IN-replies ; wc -l IN-replies
1
0
27 IN-repliesI've gathered all of the "From" lines from my INBOX, from a "ProbablySpam" folder containing messages that spamassassin identified as spam, and a "ShouldBeSpam" folder containing spam that spamassassin did not identify.
517 messages are positively identified fake addresses. They have a valid domain, but that domain refuses to accept mail for that address.
421 messages are temporary failures. Either the MX record exists, but no server answers, or the servers are reporting 4XX codes themselves. Courier wouldn't accept these eithers.
The line count total is the number of addresses tested. From the results, it looks like adding the filter would reduce the amount of incoming spam by about a quarter. It's not a solution by itself, but it's less spam coming in to your system, and one piece of an overall better system.
I think that it's at least effective enough to finish coding and test it out, though I wonder if I'm just stemming the tide before we have to use challenge/response systems.
------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
