On 18 Oct 2006, at 03:30, Dean Brooks wrote:

> On Wed, Oct 18, 2006 at 12:15:36AM +0100, Andrew - Supernews wrote:
>>>>>>> "Renaud" == Renaud Allard <[EMAIL PROTECTED]> writes:
>>
>> Renaud> In a perfect world we would need neither callouts nor
>> Renaud> blacklists as people wouldn't send spam in the first
>> Renaud> place. But we are not in a perfect world.
>>
>> Trying to block spam by using other people's resources without
>> permission is just as bad as sending spam.
>
> Just throwing in my opinion here, but I totally agree with Andrew on
> this one. Sender verification callouts without first ensuring the
> sender is sourcing from an authorized host (via SPF or other means) is
> essentially as bad as spamming. Those callouts are using resources
> that provide no benefit to the owner of the resources being used.

SPF is fairly useless; most companies will have employees traveling and using different SMTP servers. I use smtp auth for all my clients but even then I have come across hotels that have installed transparent SMTP proxies and so the user has to turn smtp auth off and use the hotel's SMTP server.

>
> Anyone who has run a very active mail server will tell you that
> callouts can use *enormous* amounts of resources if amplified
> appropriately. Denial of service would be very easy with only a few
> sites doing callbacks and an aggressive forger. The only reason this
> doesn't happen more often is very few sites use callouts (thankfully).

How do you know how much of this was callouts and how much was attempted DSNs?

So definitely failure to reject on virus, attachment, spam, user or whatever at SMTP time is much worse than doing callouts - right (hypothetically coz I do all this at SMTP)

I am perfectly within my rights to bounce a message back to the envelope sender address for whatever local policy it violates; also, if it is refused, normally I would do at least 1 or 2 more retries with auto_thaw. This is perfectly acceptable yet it causes more bandwidth usage than callouts.

A callout is what, 100 bytes? Nowadays, using images to avoid pattern matches, your average spam is maybe 5k. So there is really no comparison on the "badness".

HOW ABOUT ...... a public callout cache?

>
> People who use callouts should not complain if they end up getting
> blocked. If you use my server resources in a transaction where our
> organization or our customers receive no benefit, then you are
> committing essentially the same ethical (if not legal) crime as a
> spammer.
>
> The opinions of callouts will vary widely, I'm sure, but I think
> you'll find a less favorable opinion from admins who run ISP or large
> corporate mail servers.
>
> --
> Dean Brooks
> [EMAIL PROTECTED]
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
