On Fri, 11 Jun 2004, Brian McGraw wrote: > 1. When does the DNSRBL checking happen? > I've integrated the checks into Sendmail, not MD or SA.
Either at connection time or RCPT time, depending on the "delay_checks" feature. > 2. Do the DNSRBL checks happen before, or do they prevent, Sendmail from > checking to see whether the recipient addresses of real or not? They usually happen before. > The reason I ask is that I believe a large part of what is slowing us > down is all the "User unknown" replies generated by the dictionary > attacks. Turning off the replies is not an option, unfortunately. You **MUST** configure your mail network to reject invalid recipients with a 5xx code at the MX server. The good old days of having a gateway machine that lacks knowledge of valid internal addresses are gone; such an architecture is unsustainable in today's hostile environment. Depending on your setup, you might be able to use md_check_against_smtp_server to reject bad recipients at the gateway, or you may have to hook into LDAP or some other directory system. In the worst case, you may have to re-architect your mail system. > Also, if a spammer sends a piece of mail with 50 people CC'd, and > the DNSRBL decides that sender is a spammer, does the rejection > error get sent to the sender once, or once for each person he CC'd? Once, I believe. > I've also tried using the throttling technique in Sendmail to slow these > attacks, but it doesn't really seem to have helped. Is there anything > I'm missing? Are there any options available in MD to help put a stop > to the attacks? Did you read the list archive? See: http://lists.roaringpenguin.com/pipermail/mimedefang/2004-June/022774.html -- David. _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
