Author: Alan J. Flavell Date: To: Leonardo Boselli CC: Exim users list Subject: Re: [Exim] offers123.net & possible DOS.
On Sat, 18 May 2002, Leonardo Boselli wrote:
> On 18 May 2002, at 13:49, Alan J. Flavell wrote: > > On Fri, 17 May 2002, David Woodhouse wrote: [nothing that you quoted]
> > In any case, there are plenty of domains that say OK at RCPT TO: time
> > to even the most preposterous addresses, and only repudiate them
> > later: waste of effort to list those in callbacks. > There is a problem in this behaviour:
A problem in what behaviour? As I say, it is a waste of time to list
those domains in the callbacks (if they behave consistently in the way
that i described)
> there are 2 cases when this check is impossible.
> 1. If the main MX exchanger has a loose connection and you hit
> most of the time a secondary MX, in this case it would accept ANY
> message, since it does not have the user databasa
Sure. Then, callbacks would sometimes repudiate an invalid username
and sometimes wouldn't. It's a value judgement then whether there is
any point in putting those domains in the callbacks list.
> 2. you could hit one server that accept ony message, trying to
> deliver by partial match or trying to get hints form body.
As far as we are concerned, there could be any number of causes for
the symptoms which you describe in 1 and 2. From the outside, all
that we know is that the email domain in question sometimes repudiates
bad usernames at RCPT TO: time, and sometimes doesn't.
> in this case what woud you do ?
We would do the same as we do when the spammer counterfeits a valid
address and the callback confirms it as good: we accept the mail as
normal, i,e it will then stand a chance of being spotted in the
spam-rating filter, just like any other mail that we accept.