On 23.05.13 20:07, Jan Ingvoldstad wrote:
>Ident lookups have historically been associated with spamming, as a more or
>less efficient way of identifying which addresses are valid and therefore
>okay to send spam to. It has also been associated with targeted attacks
>against specific accounts across protocols, e.g. for FTP, SSH etc.
>
>Relying on ident lookups therefore is to rely on that most MTA admins open
>up for ident lookups, such as Matus Uhlar obviously is doing. In my
>experience, this is futile. Many legitimate email providers block ident
>lookups.

This is not what I was saying. I have said that if someone provides IDENT
lookups, the response will be used and the client is rewarded with avoiding
the timeout when waiting to timeout.  Of course, using SMTP delay of e.g. 
30 seconds may help you even if ident is working, so I encourage you to
implement this anti-spam measure (and drop all clients who send any content
before your server displays the greeting). I think courier has no such
measure currently.

I don't think anyone sane would "block" IDENT lookups. You may simply not
provide it.  Note that IDENT response is for your (sender's, smtp client's)
use, not for the recipient (SMTP server) admin's - the server will just log
it and in case of spamming the header will be passed to you, who can in
addition see the IDENT response, if you have decided to provide it.

>>     Should I stop using it on my server and risk more Spam ?
>
>Those are two questions.
>
>In my opinion, you should stop using it. This is not likely to be the last
>time you experience problems with legitimate email related to
>blocked/blackholed ident lookups.

You in fact say there's no need to turn ident lookups off.  The SMTP client
MUST wait at least 300 seconds, because delays may happen because of other
reasons, while timeout for TCP connect is usually 30 to 60 seconds.  If
client drops the connection sooner, it's clearly a problem of the client.

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"The box said 'Requires Windows 95 or better', so I bought a Macintosh".

_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
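
The greeting delay with an early-talker drop that the message above recommends, as an added example that is not part of the original post and is not Courier's code. The function name greet_or_drop, the banner text and the short delay used in demo() are assumptions; the clients are simulated with local socket pairs.

```python
import select
import socket

GREETING = b"220 mail.example.test ESMTP\r\n"  # constructed banner text


def greet_or_drop(conn, delay=30.0):
    """Hold the SMTP banner for `delay` seconds and judge the client.

    Returns "greeted" if the client stayed silent until the banner was sent,
    "early-talker" if it sent bytes before the banner (connection dropped),
    "gone" if it disconnected while waiting.
    """
    # select() wakes as soon as the socket is readable, so a client that
    # talks first is caught at once instead of after the full delay.
    readable, _, _ = select.select([conn], [], [], delay)
    if not readable:
        conn.sendall(GREETING)
        return "greeted"
    try:
        data = conn.recv(512)
    except ConnectionResetError:
        data = b""
    conn.close()
    # Empty read means the peer closed; anything else arrived before the banner.
    return "early-talker" if data else "gone"


def demo(delay=0.2):
    """Run three constructed clients against greet_or_drop()."""
    results = {}
    srv, cli = socket.socketpair()          # waits for the banner
    results["patient"] = greet_or_drop(srv, delay)
    results["banner"] = cli.recv(512)
    srv.close()
    cli.close()
    srv, cli = socket.socketpair()          # sends before the banner
    cli.sendall(b"HELO client.example.test\r\n")
    results["talks_first"] = greet_or_drop(srv, delay)
    cli.close()
    srv, cli = socket.socketpair()          # hangs up during the delay
    cli.close()
    results["hangs_up"] = greet_or_drop(srv, delay)
    return results


if __name__ == "__main__":
    print(demo())
```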
