Author: Marc Perkel Date: To: exim-users CC: Rene Marticke Subject: Re: [exim] What's up ith the uceprotect blacklist?
Philip Hazel wrote: > On Tue, 17 Oct 2006, Rene Marticke wrote:
>
>
>> let me explain two scene why this callouts are abuse.
>>
>> 1.
>> me@domA send mail to you@domB
>> --> domB callout whith postmaster@domB if me@domA is valid.
>> --> domA use callout to -> so call domB if postmaster@domB is a valid
>> user .... loop
>>
>
> That is precisely why Exim does *not* do a callout with postmaster@domB
> to verify a sender. It does the callout with "<>" as the sender. We've
> had this discussion several times. There are some options for varying
> the callout sender for recipient verifications (when one is generally
> talking to another of your own MTAs), but not for sender verifications.
>
>
You know what would be handy is some built in code to deal with
dictionary attacks. I can see a situation where a third party could get
hammered by verifying a dictionary attack. In my case I have a crude
solution. After a few bad email addresses I return defer on that IP for
the remainder of the 5 minute period. That tends to stop/minimize
dictionary collateral damage. It would be nice if Exim had something
better built in specifically to deal with dictionary attacks.
There should be some sort of limit so that if you need to do a lot of
verification callouts for a specific domain in a short period of time
that you could rate limit it.
