Author: Giuliano Gavazzi
Date:
To: Suresh Ramasubramanian, Ralf G. R. Bergs, exim-users@exim.org
Subject: Re: [Exim] Yahoo and sender verification callout

At 6:46 +0530 2003/05/22, Suresh Ramasubramanian wrote:
>At 04:24 PM 5/21/2003 +0200, Ralf G. R. Bergs wrote:
>>I strongly disagree with this.
>>
>>As soon as I temporarily disable callouts I get flooded with SPAM (yup,
>>not even SpamAssassin catches everything.)
>>
>>So I consider them very valuable for me, and they don't cost me much.
>
>I'm sorry I was not clear enough. I mean the system _receiving_
>your callouts.
>
>Like, if somebody dictionary attacks you with forged email.com addresses in
>the sender envelope, and you get busy doing several thousand callbacks to
>our systems ...
>
I don't know how common it is that a dictionary attack will also
randomly change the sender local part. I haven't seen it yet. So, if
it does not change, all you'll see is one callback per attacked host.
Or would you rather accept the several bounces (end user
initiated) per host that you would otherwise get?
Even worse if a target host blindly accepts everything and then
generates a few thousand bounces...
It does not always go the way I wrote, I guess, but when it does you
want callbacks. We need them to be more explicit in their return
values though (my last week's topic).