Re: [exim] Anti SPAM Exim configuration

Top Pagina
Delete this message
Reply to this message
Auteur: Alan J. Flavell
Datum:  
Aan: Exim users list
Onderwerp: Re: [exim] Anti SPAM Exim configuration
On Wed, 15 Dec 2004, Tony Finch wrote:

> On Tue, 14 Dec 2004, Alan J. Flavell wrote:
> >
> > "Verifying" a local part with MTAs that say "fine" to any old rubbish,
> > just isn't worth the overhead.
>
> It's really very cheap.


It may be cheap for you - but it potentially gives the spammers the
ability to enlist us all in a denial-of-service attack on some site
that they've taken a dislike to. Paging Suresh?

> > And some otherwise-bona-fide MTAs won't co-operate, either.
>
> Log analysis and submission to rfc-ignorant (see my recent posts)
> deals with the idiots.


Yes. But that's not the whole story. Here's a for-instance.

There appear to be some MTAs which have some kind of rate-limit
mechanism. I can't prove this conclusively, but it seems that the
more that we try callout to them, the less likely they are to respond
within the timeout that we set for callout. Which means that we
defer, and the offering MTA tries the mail again soon afterwards, and
we try yet another callout, and it times-out yet again, and this can
go on for many hours, or even days. Meantime, more mails are being
offered with the same sender domain (it isn't always yahoo.co.jp ;-),
and those get called-out too, adding to the pressure on the called-out
site - and so it goes on.

rfc-ignorant doesn't help with that.

On the other hand, if you just ignore the result from callouts which
time-out, then you're considerably watering-down the potential benefit
from using callout. Seems to me it needs a more-sophisticated
mechanism for stateful control of callouts, if you're going to
implement callouts on a global basis.

Anyway, I'm just a part-timer at this, and you seem to be the
specialist, so I won't labour the point.

[..]
> MUAs are fundamentally crap and written by people who don't know the
> difference between RFC 821 and the car number plate you want to run
> them over with.


That's quite .sig-worthy ;-)

Thanks for the other points - interesting.