Dear all,
It is great news for hearing ppl of implementing this feature with qmail.
However, I think that it is not ideal to run both sendmail and qmail at
the same time and has loss the benefit of running qmail. Any people has
start to work to include this user ldap-lookup in qmail-smtp so that it
will be more simple and efficient?
Any ideas?
Thanks
On Tue, 15 May 2001 [EMAIL PROTECTED] wrote:
> I'm currently using a sendmail/qmail hybrid to prevent this attack. It's
> called Rumplestiltskin for future reference to this type of attack. I use
> a [EMAIL PROTECTED] and a .qmail to parse the bad To: delivery then add it
> to the rejection list in sendmail. The bad delivery occurs only
> once. And only one failed LDAP lookup occurs as well. From then on the
> mail is rejected on the MTA level before the mail ever makes it
> in. Hence, no large queues and no double bounces. I would haveused the
> badrcpt/Antispam in qmail-ldap had the files been hashed. Using the
> badrcpt(with 250K bad names) method in qmail-ldap, an inbound smtpd
> would cause around 12K function calls to build 1 connection. That's
> unacceptable. Thats the reason I resorted to Sendmail/Qmail-ldap hybrid
> to work the anti-spam mojo on the MTA the rest of the world saw.
>
>
> Kyle "I get 80,000 spams a day"
>
>
>
>
> On Tue, 8 May 2001, Lo Kai cheong wrote:
>
> > Dear all,
> >
> > Currently, there is a lot of spammers using special tools to generate
> > random users account to ISP domain([EMAIL PROTECTED],[EMAIL PROTECTED]@xx.com)
> > in order to create email bounced back bombed messages to a faked sender
> > address. This has created huge worked load to the email server and can
> > creat a huge mail queue in a very short time. I think that the best
> > approach is to drop the invalid users connection immediately and don't
> > creat bounced back message. I see that the current sendmail is using that
> > approach for protection.
> >
> > However, the current qmail-smtpd do not have this options. Although this
> > implementation will create extra workload for the ldap lookup, I think
> > that it is still worthwhile to do in order to prevent email attacks from
> > others.
> >
> > Any thoughts or comments!!
> >
> > KC LO
> >
> >
>
>
>
