>>>>> "W" == W B Hacker <[EMAIL PROTECTED]> writes:
W> Because, dear David, not ONE DAMN BIT of this whole smtp shebang W> works if we DO NOT try to help each other within commonly agreed W> channels! I assume you're addressing me, not David. What is "commonly agreed" about sender-verification callout? The opinion I see of it amongst professional mail server administrators is largely (even overwhelmingly) negative, other than a relatively small number of smaller sites who for the most part are not finding themselves the targets of excessive verification attempts, and therefore don't realize the consequences of their behaviour (or don't care). I also don't see any justification for it in the RFCs; the command to verify addresses is "VRFY", not "RCPT TO". Why do you think people disable VRFY? W> Handling a few liteweight verifications for others is the quid pro W> quo for their also helping *you* by trying to reduce abuse W> *overall*. Too many assumptions in this sentence. (1) verification is not "lightweight". (2) verification does not reduce abuse. (3) verification does not help me. W> If you are being *overwhelmed* with forgeries, try more W> intelligent filtering. It's not a case of being overwhelmed with forgeries, it's a case of being overwhelmed by _blowback_ from forgeries sent to _other sites_. W> How many come from IP's that lack a PTR? rDNS is cached very W> effectively. Callout (and other forms of blowback) is coming from _mail servers_, and therefore the vast majority of the connections are from IPs with valid rDNS, HELO parameters that look as reasonable as they ever do, and from IPs that are not listed in any blacklist. Furthermore, most of the IPs that send us blowback are doing so at very low individual rates; it's only the aggregate of a very large number of sources that makes it a problem. W> And how hard is it to put some /24 or /8 into your firewall that - W> per their own netblock holders, not just some contentious RBL - W> are NOT SUPPOSED to *ever* send mail? Blowback by definition comes from IPs that are supposed to send mail. -- Andrew, Supernews http://www.supernews.com -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
