Re: [exim] Rate limiting on Sender Verify

Author: Andrew - Supernews
Date:  
To: exim-users
Subject: Re: [exim] Rate limiting on Sender Verify
>>>>> "Marc" == Marc Perkel <marc@???> writes:

Marc> Ok - I'm changing the subject line here to fork this topic. The
Marc> issue is sender verification during a dictionary attack. If
Marc> someone was faking a lot of different addresses at domain.com
Marc> trying to send spam, then my server would do callouts trying to
Marc> verify email addresses and could cause a lot of collateral
Marc> traffic.

Rate limiting does very little to help here. Suppose a spammer sends
out (to other people) 100 million spams all of which have different,
random, sender addresses at your domain. You're going to see three
types of traffic in response to the spam run: attempts to do callout,
attempts to do C/R, and attempts to send bounces. All of these will
likely look pretty much the same to you, unless you actually have a
catchall for the targeted domain.

How many sessions that end after RCPT TO can you handle per hour
without impacting your legitimate traffic?

--
Andrew, Supernews
http://www.supernews.com
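The closing question (how many sessions that end after RCPT TO you can absorb per hour) is something a postmaster can measure from the main log rather than guess at. The following is an added example, not code from the list post or from the Exim project: it parses constructed Exim-style "rejected RCPT" log lines (the layout is an approximation of Exim's main-log format, and every host, address and timestamp is made up) and reports the per-hour count of sessions that died at RCPT TO, the share that arrived with a null sender (callouts and bounces both use `F=<>`, which is part of why they look alike), the busiest peers, and which hours exceed a chosen hourly budget.

```python
import re
from collections import Counter

# Constructed sample of Exim main-log lines. The layout approximates Exim's
# "rejected RCPT" entries; none of this is output quoted from the list post.
# Four null-sender rejects from two hosts, two rejects carrying a real sender
# (a challenge/response system probing a forged address), and one accepted
# message that the parser must ignore.
SAMPLE_LOG = """\
2005-03-01 10:00:01 H=mx1.example.net [192.0.2.10] F=<> rejected RCPT <qzx81@domain.com>: Unrouteable address
2005-03-01 10:00:02 H=mx1.example.net [192.0.2.10] F=<> rejected RCPT <pl0ky@domain.com>: Unrouteable address
2005-03-01 10:00:03 H=relay.example.org [198.51.100.7] F=<challenge@example.org> rejected RCPT <a7ub2@domain.com>: Unrouteable address
2005-03-01 10:00:04 H=mx1.example.net [192.0.2.10] F=<> rejected RCPT <m3n0p@domain.com>: Unrouteable address
2005-03-01 10:00:05 1D6Abc-0001Xy-Zz <= alice@example.com H=smtp.example.com [203.0.113.5] P=esmtp S=1234
2005-03-01 10:00:06 H=mx2.example.net [192.0.2.11] F=<> rejected RCPT <ww7q2@domain.com>: Unrouteable address
2005-03-01 11:00:07 H=relay.example.org [198.51.100.7] F=<challenge@example.org> rejected RCPT <t5r4e@domain.com>: Unrouteable address
"""

# One regex for the reject line shape used above: date, time, H=host [ip],
# F=<sender>, the rejected recipient and the free-text reason.
REJECT_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<hour>\d{2}):\d{2}:\d{2} "
    r"H=(?P<host>.*?) \[(?P<ip>[^\]]+)\] "
    r"F=<(?P<sender>[^>]*)> rejected RCPT <(?P<rcpt>[^>]+)>: (?P<reason>.*)$"
)


def parse_rejects(log_text):
    """Return one dict per session that ended at RCPT TO; other lines are skipped."""
    records = []
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["bucket"] = f"{rec['date']} {rec['hour']}"  # hourly bucket key
            records.append(rec)
    return records


def rejects_per_hour(records):
    """Sessions that ended after RCPT TO, counted per hourly bucket."""
    return Counter(r["bucket"] for r in records)


def null_sender_fraction(records):
    """Share of rejected sessions that used the null sender (F=<>)."""
    if not records:
        return 0.0
    return sum(1 for r in records if r["sender"] == "") / len(records)


def top_sources(records, n=3):
    """Peers generating the most RCPT-stage rejects, busiest first."""
    return Counter(r["ip"] for r in records).most_common(n)


def hours_over_budget(records, budget):
    """Hourly buckets whose reject count exceeds the budget you decided you can absorb."""
    return sorted(h for h, c in rejects_per_hour(records).items() if c > budget)


if __name__ == "__main__":
    recs = parse_rejects(SAMPLE_LOG)
    print("rejects per hour:", dict(rejects_per_hour(recs)))
    print("null-sender share: %.2f" % null_sender_fraction(recs))
    print("top sources:", top_sources(recs))
    print("hours over a budget of 4:", hours_over_budget(recs, 4))
```

The budget passed to `hours_over_budget` is the number from the question above, chosen per site from observed capacity; the script only tells you when the backscatter from a forged-sender run has pushed you past it, it does not try to tell callouts, C/R probes and bounces apart, because at RCPT TO they mostly cannot be.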