Autor: Alan J. Flavell Data: Dla: Exim users list Temat: Re: [exim] Sender verification
On Fri, 28 Oct 2005, Ian FREISLICH wrote:
> Ah, you folk in acedemia might not then have encountered the argument
> from a paying customer "I don't care if the admin of the site hosting
> my prospective customer is a fool, your decision to not accept their
> mail on the basis of the failed callout is costing me potential
> business".
Since you can't reliably tell the difference between a spammer, and a
misconfigured but otherwise bona fide sender, you'd have to accept
everything that was offered, and leave it to the recipient to decide.
Our users would not tolerate that - they are overwhelmingly supportive
of our anti-spam efforts - I'd go further, they positively *demand* it
of us; the number of complaints received from our own users about
rejection of bona fide mail offers is very small, and usually the
explanations we give them are well-received.
The most recent complaints that I can recall, on the other hand, from
would-be senders themselves were, in fact, people presenting their own
*.gov sender addresses but trying to send direct-to-MX mail from their
US domestic DSL accounts. I don't know about you, but when presented
with such a scenario I would definitely "smell a rat".
> And that is a nice intellectualisation. [...]
> What I don't get is why you (and many others) think it's OK to:
> 1. Steal resources.
Because we play our own part in responding to callouts when our own
domains are faked as senders by the spammers (which they heavily are)?
> 2. Participate in a DDoS attack (of innocents to boot).
I must stress that callout is pretty much a last-resort in the RCPT
ACL. There are plenty of earlier opportunities for us to reject a
RCPT offer without bothering a third party in that way.
While it's possible to devise the kind of DDoS scenario that you
mention, we have a number of countermeasures which I suspect would be
more likely to make our own server unresponsive (with the max number
of exim processes having rejected abusive requests and then applying a
time delay) before we'd managed to DoS anyone else.
And callout certainly is not our default - it's only used in selected
circumstances.
But yes, your point is taken, and if you are opposed *in principle* to
this approach then I appreciate that there is nothing I can say that
will satisfy you.