On Friday 14 December 2001 06:53, David Stults wrote: > That is a possible solution, though I don't know how managable it would be > on the scale I would have to implement it on. Not that we have a lot of > turn-over, per se, but as an ISP our customer base is in a constant state > of flux. After a few months, badrcptto would be pretty big :-). Seems to > me that the single biggest risk of putting this functionality into qmail > would be the potential discovery of all valid mail addresses of our > customers. That would be unfortunate. There might be a way to mitigate > that risk somewhat, and that is one thing I need to look at before pursuing > this issue any further. I pride myself on the security of all my systems, > but I also pride myself on being able to offer a good set of services to > our customers. It's a difficult balance sometimes. > > Dave
The valid email address discover is the biggest problem of this feature and I don't think that this problem has an easy solution. If you drop after some erroneous rcpt to: can appen that some mta (like exim) that make a single smtp connection for multiple recipient of the same domain will get bounces after the max retry count. In which way can you solve this problem ? You have to consider the fact that this feature can become an _easy_ dos for your smtp and ldap servers. felipe.
