Peter N. M. Hansteen wrote:
"Michael Boev (TRIC)" <[EMAIL PROTECTED]> writes:

I suspected, and later verified, a case in which spamd in
greytrapping mode may be forced into a DoS.

I'd say rather that you have found a possible conflict between
greytrapping and milter-sender.  I see the backscatter bounces for
enough messages I or other users in my domains have never sent to
doubt the usefulness of the technique it apparently uses (the URL you
quoted doesn't work - www.milter.info appears to be mx.snert.net,
which does not appear to run a www service - and most of what I could
dig up concerns the fact that the FreeBSD port was removed due to
license issues), and the smartest solution would be to retire it.
Exactly so. Spamd traps call-back systems.
It's strange, though, that the URL is dead now. I must have copy-pasted it from my browser.

Conditions:
1) A malicious user on machine 'S', who wants to deny mail service to
server 'A' on another server 'B'. This malicious user knows the
'[EMAIL PROTECTED]' greytrapping address.
2) The server B is protected by spamd with greytrapping enabled.
3) The server A verifies the addresses of all SMTP senders. In my case
it's 'http://www.milter.info/sendmail/milter-sender/', although other
solutions may exist. The SMTP callback is made with an empty ('<>')
return address.

What [EMAIL PROTECTED] does here is indistinguishable from the way spam is sent
these days.  Spambots send messages from wherever they can, using
return addresses in some unrelated domain, usually with made-up local
parts.
Occasionally the made-up local part will match a user that actually
exists. At other times, well, that's how my spammer bait address list (<http://www.bsdly.net/~peter/traplist.shtml>) was born.

From where I'm sitting it looks like your setup includes a piece of
software that was written based on the same assumptions that spawned a
whole raft of "challenge-response" systems to annoy the world, and
fails for the exact same reason: as you have demonstrated, it is
possible to send email with a forged return address that may still be
a deliverable address.  Checking whether a particular return address
is deliverable doesn't buy you much by itself.
Agreed. I never knew, though, that the callbacks DO annoy.

spamd's greytrapping, on the other hand, is based on factors that are
actually under your control, ie what addresses /in your own domains/
are valid or not.  That's a whole world of difference.

My recommendation would be to stop using milter-sender.  It probably
generates more noise than useful information anyway, and while you're
at it, make extra sure nobody snuck in one of those annoying
challenge-response systems while you weren't looking.

- Peter
Thanks to all who replied; let's just think through the advice given.

Kind regards,
Mikhail Boev
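
The three-party exchange the thread describes (attacker S, callback-verifying MTA A, spamd-protected MX B), replayed as an added example that is not part of the original messages and is not code from spamd or milter-sender. Real spamd speaks SMTP and feeds a pf table, and milter-sender opens a real SMTP connection to the sender domain's MX; both are reduced here to in-memory objects so the sequence of events can be traced offline. Greylisting itself is left out of the model, since only the trapping behaviour matters for this failure mode. The hostnames, addresses and IPs are constructed, and the trap address is assumed:

```python
"""Model of the spamd greytrap / sender-callback conflict from the thread.

Added example, not code from spamd or milter-sender. All names, addresses
and IPs are constructed; the SMTP reply strings are illustrative only.
"""

from dataclasses import dataclass, field

TRAP_ADDRESS = "trap@b.example"   # assumed greytrap address on server B
IP_S = "192.0.2.10"               # attacker host S (constructed, TEST-NET-1)
IP_A = "198.51.100.25"            # callback-verifying MTA A (constructed)
IP_B = "203.0.113.5"              # spamd-protected MX B (constructed)


@dataclass
class SpamdGreytrap:
    """Server B's spamd in greytrapping mode: any client IP that does
    RCPT TO a trap address is trapped and refused from then on (real
    spamd would tarpit it and add it to the <spamd> pf table)."""
    trap_addresses: frozenset
    log: list
    trapped: set = field(default_factory=set)

    def rcpt(self, client_ip: str, mail_from: str, rcpt_to: str) -> str:
        """Handle one MAIL FROM / RCPT TO pair from client_ip; return the reply."""
        if client_ip in self.trapped:
            self.log.append(f"B: {client_ip} is trapped, refusing <{rcpt_to}>")
            return "450 4.7.1 trapped"
        if rcpt_to.lower() in self.trap_addresses:
            self.trapped.add(client_ip)
            self.log.append(f"B: {client_ip} sent MAIL FROM:<{mail_from}> "
                            f"RCPT TO:<{rcpt_to}> (trap) -> trapping {client_ip}")
            return "450 4.7.1 trapped"
        self.log.append(f"B: accepted <{mail_from}> -> <{rcpt_to}> from {client_ip}")
        return "250 2.1.5 OK"


@dataclass
class MtaA:
    """Server A: an MTA that, when callback_enabled, probes every claimed
    return address at its domain's MX with MAIL FROM:<> before accepting,
    as the thread describes milter-sender doing."""
    ip: str
    mx_of: dict            # domain -> SpamdGreytrap (stands in for MX lookup)
    callback_enabled: bool
    log: list

    def accept_inbound(self, client_ip: str, mail_from: str, rcpt_to: str) -> bool:
        """Decide whether A accepts mail offered by client_ip."""
        # Verifiers skip the callback for a null sender, or bounces would loop.
        if self.callback_enabled and mail_from:
            domain = mail_from.rsplit("@", 1)[-1]
            mx = self.mx_of.get(domain)
            if mx is None:
                self.log.append(f"A: no MX for {domain}, rejecting")
                return False
            # The callback: A is now the SMTP client at B, probing the
            # (forged) return address with an empty return path.
            reply = mx.rcpt(self.ip, "", mail_from)
            self.log.append(f"A: callback RCPT TO:<{mail_from}> at {domain} -> {reply}")
            if not reply.startswith("250"):
                return False
        self.log.append(f"A: accepted <{mail_from}> -> <{rcpt_to}> from {client_ip}")
        return True

    def deliver_outbound(self, mail_from: str, rcpt_to: str) -> bool:
        """A relays a legitimate message to B's MX; True if B accepts it."""
        domain = rcpt_to.rsplit("@", 1)[-1]
        reply = self.mx_of[domain].rcpt(self.ip, mail_from, rcpt_to)
        self.log.append(f"A: outbound <{mail_from}> -> <{rcpt_to}> -> {reply}")
        return reply.startswith("250")


def run_scenario(callback_enabled: bool) -> dict:
    """Replay the attack from the thread and report its effect on A."""
    log: list = []
    spamd_b = SpamdGreytrap(frozenset({TRAP_ADDRESS}), log)
    mta_a = MtaA(IP_A, {"b.example": spamd_b}, callback_enabled, log)

    # 1. Attacker on S offers A a message whose return path is B's trap address.
    accepted = mta_a.accept_inbound(IP_S, TRAP_ADDRESS, "someone@a.example")
    # 2. Later, a real user on A writes to a real user on B.
    legit = mta_a.deliver_outbound("alice@a.example", "bob@b.example")

    return {"attacker_mail_accepted": accepted,
            "a_trapped_by_b": IP_A in spamd_b.trapped,
            "legit_a_to_b_delivered": legit,
            "log": log}


if __name__ == "__main__":
    for enabled in (True, False):
        r = run_scenario(enabled)
        print(f"callback_enabled={enabled}: A trapped={r['a_trapped_by_b']}, "
              f"legit A->B delivered={r['legit_a_to_b_delivered']}")
        for line in r["log"]:
            print("   ", line)
```

With the callback on, A's own IP is what spamd sees issuing RCPT TO the trap address, so A gets trapped and its later legitimate mail to B is refused; the attacker never has to touch B at all. With the callback off, the forged message reaches A's other filters but A's IP stays clean, which is the trade Peter argues is worth making since the deliverability check adds little. The same cost falls on any callback verifier, not just milter-sender.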
