Paul Murphy wrote:
afo cliff <[email protected]> 09/06/2009 17:18 >>>
Ok, then it looks like it's better to stick with access/virtusertable
rejection.
No, it is infinitely better to do it in filter_recipient, and terminate
the connection after a number of invalid recipients.
Consider the case where a spammer connects and tries a list of 2000
common accounts (root, postmaster, admin, daemon, staff, info, etc...).
Rejecting via the access DB will reject all of the ones which are
invalid, and will do so quickly. However, all of the valid ones will
get the spam, and the spammer will also get a 2xx OK code to that
recipient, so they can tune their mailing lists to remove known bad
addresses, and sell on the ones which they now know to be working.
Spammers are a lot smarter than that these days. If you watch your logs
during a dictionary attack you are likely to see the messages come in
from dozens of different IP addresses that are obviously coordinating
the address space and timing so you don't see a big number of addresses
come in from any single source, or on any single message, or fast enough
to overwhelm a reasonable server.
Doing it via filter_recipient, the spammer sends RCPT_TO with the first
address, which might be valid. However, long before they have gone
through the 2000 in their list, you've seen 3 bad addresses, and have
rejected the whole message.
Sendmail can do this directly as well:
define(`confBAD_RCPT_THROTTLE',`3')dnl
And unless you expect messages with a large number of recipients you can
refuse to accept them without running any perl code:
define(`confMAX_RCPTS_PER_MESSAGE',`5')dnl
'Real' senders are supposed to figure this out and resend but I don't
know how it works out in practice.
--
Les Mikesell
[email protected]
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
