Author: Alan J. Flavell
Date:
To: Exim Users
Subject: Re: [Exim] RE: bauer@dmsb.de - Die E-Mail weist bei den Adressen u
On Tue, 6 Apr 2004, Edgar Lovecraft wrote:
> RCPT checks are not turned on by default because MS for some reason has a
> very flawed stance on the consequences of doing so (see next line).
>
> Straight from the MS "Exchange Server 2003 Transport and Routing Guide"
> <QUOTE>
> Note
> Selecting the Filter recipients who are not in the Directory check box can
> potentially allow malicious senders to discover valid e-mail addresses in
> your Exchange organization.
> </QUOTE>
>
> That is just a flawed look at the world,
Well, I -do- see that as a problem, too - but not enough of a problem
to be willing to take the consequences of any other approach.
(If one -really- wanted to make it harder to probe for valid
addresses, without the risk of creating "collateral spam", then
rejection at DATA time instead of RCPT time would be a possible ruse;
but that would make callouts non-feasible, so it's chucking out the
baby with the bathwater.)
Rather, I'd prefer to put the various blacklisting tests first, in the
RCPT ACL, so that most "baddies" get told they're blacklisted (and
thus discover nothing useful about our local addresses) before we get
as far as testing the recipient addresses.
Of course, a proportion of open relays won't have got blacklisted yet,
so it probably needs a way of slowing down any "address list scanning"
techniques that the baddies might get up to, until they get duly
blacklisted. We insert delays, and have max calls per host, as a
partial answer to that.
We used to see some very obvious trawling expeditions, probing dozens
of addresses per call, and we had ways of dealing with those (see
earlier list discussions for details). Such expeditions no longer
seem to be evident, but I can't make up my mind whether that's because
they've become less frequent, or because the logs are now totally
awash with complete garbage addresses (from the purveyors of sex and
drugs, as it seems) - and/or the trawlers have found how to make
themselves less conspicuous by not hammering many addresses in a
single call.
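An Exim 4 RCPT ACL laid out in the order Alan describes (blacklist tests before recipient verification, with a delay for listed hosts and a per-host connection limit), added here as an illustration; it is not from the post or from any site's real configuration, and the list contents, the DNSBL name `dnsbl.example.net`, the 20s delay and the choice of `smtp_accept_max_per_host` as the "max calls per host" mechanism are assumptions.

```exim
# Main configuration section (assumed values; adjust for the local site)
domainlist local_domains   = example.org
hostlist   relay_from_hosts = 127.0.0.1 : 192.0.2.0/24

acl_smtp_rcpt = acl_check_rcpt

# Limit simultaneous SMTP connections from any one remote host (assumption:
# one way of bounding how fast a single host can probe addresses)
smtp_accept_max_per_host = 5

begin acl

acl_check_rcpt:
  # Trusted submission hosts skip all of the checks below
  accept  hosts = +relay_from_hosts

  # 1. Blacklist tests first: a listed host is refused here, before any
  #    recipient lookup can reveal whether a local address exists.
  #    Conditions are evaluated in order, so the delay modifier only runs
  #    once the dnslists condition has already matched.
  deny    message  = $sender_host_address is listed at $dnslist_domain
          dnslists = dnsbl.example.net
          delay    = 20s

  # 2. Refuse relaying for anything not addressed to a local domain
  deny    message  = relay not permitted
          !domains = +local_domains

  # 3. Only now check the recipient; rejecting at RCPT keeps callouts usable
  deny    message  = unknown user
          !verify  = recipient

  accept
```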