Re: [exim] Integrating URI Blacklists into Exim

On Thu, 18 May 2006, Dave Lugo wrote:

> I'm glad it helps you, but for the folks[1] with domains that
> are heavily forged by spammers, the callbacks themselves are
> a additional DoS they have to deal with.

One should definitely use other strategies to keep out the bulk of
abusive mail. One should certainly *not* apply callout as a blanket
strategy[1]. But I still reckon that it can be a useful tool for
dealing with a range of otherwise doubtful cases.

At least if spammers are reasonably consistent about their faked
sender addresses, exim will cache the result(s) of its test(s) and
re-use them. But if the localparts don't repeat, then indeed it's
heading into denial of service territory, that can't be denied.

Some kind of rate limiting is needed, or a cumulative score of bad
sender addresses, leading to blacklisting of the offering MTA, to
reduce the risk.

regards

[1] by the way, we've seen quite a few cases of what are otherwise
bona-fide mailing lists, with content which users actually wanted to
receive, that were being sent by bulk mailers using purported sender
addresses in their own domain, but which they rejected on callout. I
say it serves them right that we rejected some of these mailings,
until the problem came to light.