On Tue, 17 Oct 2006, Marc Perkel wrote: | Ok - I'm changing the subject line here to fork this topic. The issue is | sender verification during a dictionary attack. If someone was faking a | lot of different addresses at domain.com trying to send spam them my | server would do callouts trying to verify email addresses and could | cause a lot of collateral traffic.
Rate-limiting callouts based on the sender domain only helps in the special case where a spammer is repeatedly using one domain for multiple attempts on your server. But surely most of the spam you receive has sender addresses in different faked domains (not just different localparts at a single "domain.com"). So you'll still be emit a lot of collateral traffic. -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
