Re: [exim] Rate limiting on Sender Verify

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Chris Edwards
Date:  
À: exim-users
Sujet: Re: [exim] Rate limiting on Sender Verify
On Tue, 17 Oct 2006, Marc Perkel wrote:

| Ok - I'm changing the subject line here to fork this topic. The issue is
| sender verification during a dictionary attack. If someone was faking a
| lot of different addresses at domain.com trying to send spam them my
| server would do callouts trying to verify email addresses and could
| cause a lot of collateral traffic.


Rate-limiting callouts based on the sender domain only helps in the
special case where a spammer is repeatedly using one domain for multiple
attempts on your server.

But surely most of the spam you receive has sender addresses in different
faked domains (not just different localparts at a single "domain.com").

So you'll still be emit a lot of collateral traffic.