著者: Ian FREISLICH 日付: To: Alan J. Flavell CC: Exim users list 題目: Re: [exim] Sender verification
"Alan J. Flavell" wrote: > On Fri, 28 Oct 2005, Ian FREISLICH wrote:
> Since you can't reliably tell the difference between a spammer, and a
> misconfigured but otherwise bona fide sender, you'd have to accept
> everything that was offered, and leave it to the recipient to decide.
>
> Our users would not tolerate that - they are overwhelmingly supportive
> of our anti-spam efforts - I'd go further, they positively *demand* it
> of us; the number of complaints received from our own users about
> rejection of bona fide mail offers is very small, and usually the
> explanations we give them are well-received.
Which I think that you can do without those callouts.
> The most recent complaints that I can recall, on the other hand, from
> would-be senders themselves were, in fact, people presenting their own
> *.gov sender addresses but trying to send direct-to-MX mail from their
> US domestic DSL accounts. I don't know about you, but when presented
> with such a scenario I would definitely "smell a rat".
And so would I. Those people shouldn't be doing direct-to-MX any way.
> While it's possible to devise the kind of DDoS scenario that you
> mention, we have a number of countermeasures which I suspect would be
> more likely to make our own server unresponsive (with the max number
> of exim processes having rejected abusive requests and then applying a
> time delay) before we'd managed to DoS anyone else.
I still think you've missed the point. I doubt you _alone_ would
be capable of DoSsing our site in this way. The problem is that
you are not alone in performing callouts and the effect on the
recieving end is cumulatative. It's not a crafted DDoS, it's an
inadvertant DDoS and everyone doing the callouts are inadvertant
participants.
I suspect that you may not come about to this way of thinking until
you are on the recieving end of a situation such as we were recently.
When your domain is used in multiple spam runs where the total
number of emails runs into the upper tens or lower hundreds of
millions over a day or so, the callouts from the fraction that do
so will be oppressive, but you can take solace knowing that your
overload will cause temporary rejections (that will have no retries)
for some recipients of the spam run.
> But yes, your point is taken, and if you are opposed *in principle* to
> this approach then I appreciate that there is nothing I can say that
> will satisfy you.