>>>>> "Marc" == Marc Perkel <[EMAIL PROTECTED]> writes:
Marc> Ok - I'm changing the subject line here to fork this topic. The Marc> issue is sender verification during a dictionary attack. If Marc> someone was faking a lot of different addresses at domain.com Marc> trying to send spam them my server would do callouts trying to Marc> verify email addresses and could cause a lot of collateral Marc> traffic. Rate limiting does very little to help here. Suppose a spammer sends out (to other people) 100 million spams all of which have different, random, sender addresses at your domain. You're going to see three types of traffic in response to the spam run: attempts to do callout, attempts to do C/R, and attempts to send bounces. All of these will likely look pretty much the same to you, unless you actually have a catchall for the targetted domain. How many sessions that end after RCPT TO can you handle per hour without impacting your legitimate traffic? -- Andrew, Supernews http://www.supernews.com -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
