"Michael Boev (TRIC)" <[EMAIL PROTECTED]> writes:

> I suspected of, and later verified a case, in which spamd in
> grey-trapping mode may be forced to a DOS.

I'd say rather that you have found a possible conflict between greytrapping and milter-sender. I see the backscatter bounces for enough messages I or other users in my domains have never sent to doubt the usefulness of the technique it apparently uses (the URL you quoted doesn't work - www.milter.info appears to be mx.snert.net, which does not appear to run a www service - and most of what I could dig up concerns the fact that the FreeBSD port was removed due to license issues), and the smartest solution would be to retire it.

> Conditions:
> 1) A malicious user on machine 'S', who wants to deny mail service to
> server 'A' on another server 'B'. This malicious user knows the
> '[EMAIL PROTECTED]' greytrapping address.
> 2) The server B is protected by spamd with greytrapping enabled.
> 3) The server A verifies addresses of all smtp-senders. In my case
> it's 'http://www.milter.info/sendmail/milter-sender/', although other
> solutions may exist. The smtp callback is made with an empty ('<>')
> return address.

What [EMAIL PROTECTED] does here is indistinguishable from the way spam is sent these days. Spambots send messages from wherever they can, using return addresses in some unrelated domain, usually with made-up local parts. Occasionally the made-up local part will match a user that actually exists. At other times, well, that's how my spammer bait address list (<http://www.bsdly.net/~peter/traplist.shtml>) was born.

From where I'm sitting it looks like your setup includes a piece of software that was written based on the same assumptions that spawned a whole raft of "challenge-response" systems to annoy the world, and fails for the exact same reason: as you have demonstrated, it is possible to send email with a forged return address that may still be a deliverable address. Checking whether a particular return address is deliverable doesn't buy you much by itself.

spamd's greytrapping, on the other hand, is based on factors that are actually under your control, i.e. what addresses /in your own domains/ are valid or not. That's a whole world of difference.

My recommendation would be to stop using milter-sender. It probably generates more noise than useful information anyway, and while you're at it, make extra sure nobody snuck in one of those annoying challenge-response systems while you weren't looking.

- Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
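The interaction the thread describes, as an added toy model written for this page (it is not spamd's or milter-sender's code, and every host, IP and address in it is constructed): server B decides to trap a client purely from which of B's own addresses the client asks for, while server A's sender-verification callback connects to B with an empty return path and asks for whatever return address the incoming message carried. Running the scenario with the callback enabled and disabled shows why the greytrap decision is sound (it only depends on B's own address list) and why the callback is what gets A tarpitted:

```python
from dataclasses import dataclass, field

# Constructed values for the model; nothing here comes from the original thread.
A_IP = "192.0.2.10"          # server A, the site running sender verification
S_IP = "198.51.100.7"        # machine S, where the forged message originates
TRAP_ADDRESS = "trap@b.example"   # a greytrap address in B's domain
REAL_ADDRESS = "alice@b.example"  # a real mailbox in B's domain


@dataclass
class GreytrapPolicy:
    """Models spamd-style greytrapping at server B.

    The only input to the trap decision is the recipient address, which lies
    in B's own domain and is therefore under B's control; the sender address
    is not trusted for anything."""
    trap_addresses: set
    trapped_ips: set = field(default_factory=set)

    def rcpt(self, client_ip: str, mail_from: str, rcpt_to: str) -> str:
        if client_ip in self.trapped_ips:
            return "tarpit"               # already trapped: stalled, not delivered
        if rcpt_to in self.trap_addresses:
            self.trapped_ips.add(client_ip)
            return "trapped"              # asking for a trap address gets you trapped
        return "greylisted"               # normal first contact


def sender_callback(b_policy: GreytrapPolicy, verifier_ip: str, return_address: str) -> str:
    """Models the milter-sender-style probe from A: connect to the MX for the
    return address's domain, MAIL FROM:<>, RCPT TO:<return address>."""
    return b_policy.rcpt(verifier_ip, "<>", return_address)


def run_scenario(verify_senders: bool) -> dict:
    """S sends A a message whose forged return address is B's trap address.
    With verify_senders=True, A probes B before accepting it."""
    b_policy = GreytrapPolicy(trap_addresses={TRAP_ADDRESS})
    results = {}

    # Step 1: the forged message arrives at A from S (A's own policy is not modelled).
    forged_return_address = TRAP_ADDRESS
    if verify_senders:
        results["callback"] = sender_callback(b_policy, A_IP, forged_return_address)
    else:
        results["callback"] = "not performed"

    # Step 2: later, a legitimate message from a real user on A is sent to B.
    results["legit_mail_from_A"] = b_policy.rcpt(A_IP, "bob@a.example", REAL_ADDRESS)
    results["A_trapped"] = A_IP in b_policy.trapped_ips

    # S itself never contacted B, so B has no reason to trap it.
    results["S_trapped"] = S_IP in b_policy.trapped_ips
    return results


if __name__ == "__main__":
    for verify in (True, False):
        print("sender verification on" if verify else "sender verification off",
              run_scenario(verify))
```

The model deliberately leaves the sender address out of B's decision: that is the property the reply is pointing at, and it is also why switching the callback off is enough to keep A from being trapped, whereas no change on B's side is needed.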