Re: [exim] Rate limiting on Sender Verify

Author: Marc Perkel
Date:  
To: Chris Edwards
CC: exim-users
Subject: Re: [exim] Rate limiting on Sender Verify


Chris Edwards wrote:
> On Tue, 17 Oct 2006, Marc Perkel wrote:
>
> | Ok - I'm changing the subject line here to fork this topic. The issue is
> | sender verification during a dictionary attack. If someone was faking a
> | lot of different addresses at domain.com trying to send spam then my
> | server would do callouts trying to verify email addresses and could
> | cause a lot of collateral traffic.
>
> Rate-limiting callouts based on the sender domain only helps in the
> special case where a spammer is repeatedly using one domain for multiple
> attempts on your server.
>
> But surely most of the spam you receive has sender addresses in different
> faked domains (not just different localparts at a single "domain.com").
>
> So you'll still emit a lot of collateral traffic.
>
>


Actually from what I've seen spammers will find some misconfigured
domain that they like for some reason and use it for the fake addresses.
Generally a domain that has catchall accounts.