著者: Luzynski, Steve 日付: To: Kevin P. Fleming, Exim users list 題目: RE: [Exim] OT: Venting at how much Exchange Server sucks :-)
Kevin P. Fleming wrote: >[edit]
> You see, Microsoft has this "stated policy" that Exchange Server
> _will not_ verify local parts on incoming SMTP mail during the SMTP
> transaction. Supposedly this is to "protect" us from extra CPU usage
> for the LDAP lookups or something. What it means, of course, is that
> Exchange Server accepts mail for any local part for any domain it is
> serving, even dictionary attacks and other cruft. It then queues them
> up for delivery, but of course it can't deliver them because the
> local part is invalid so it wants to generate an NDR.
>
> This may have been reasonable behavior in 1998/9 when this product
> was being developed; today it is absolutely ridiculous. The
> prevalence of forged/invalid sender spam/viruses means that the
> Exchange Server "badmail" directory (equivalent of frozen messages in
> Exim land) just fills up constantly, even for a small site, and the
> server generates "collateral spam" for forged senders that are
> deliverable. I have no idea how sites with large email volumes handle
> this problem, it's just insane.
>
> And now back to your regularly scheduled programming <G>
The only sane way to handle it is to put Exim in front of it, doing LDAP
lookups on incoming messages. (Plus SpamAssassin and ClamAV, for that
matter).
Then you create a scheduled task on the Exchange server to empty out
that worthless badmail directory every day.
Of course, the real answer is to rip it out, but until someone comes up
with a scheduling package that will work with Outlook(*), good luck with
that.
-Steve
(*) Where "work with oOutlook" is defined as ZERO user visible
functionality changes.