Re: [exim] UCEPROTECT Blacklists and why callouts are abusiv…

Author: Andrew - Supernews
Date:  
To: exim users
Subject: Re: [exim] UCEPROTECT Blacklists and why callouts are abusive
>>>>> "W" == W B Hacker <wbh@???> writes:

W> Because, dear David, not ONE DAMN BIT of this whole smtp shebang
W> works if we DO NOT try to help each other within commonly agreed
W> channels!


I assume you're addressing me, not David.

What is "commonly agreed" about sender-verification callout? The
opinion I see of it amongst professional mail server administrators is
largely (even overwhelmingly) negative, other than a relatively small
number of smaller sites who for the most part are not finding
themselves the targets of excessive verification attempts, and
therefore don't realize the consequences of their behaviour (or don't
care).

I also don't see any justification for it in the RFCs; the command to
verify addresses is "VRFY", not "RCPT TO". Why do you think people
disable VRFY?

W> Handling a few lightweight verifications for others is the quid pro
W> quo for their also helping *you* by trying to reduce abuse
W> *overall*.


Too many assumptions in this sentence. (1) verification is not
"lightweight". (2) verification does not reduce abuse. (3)
verification does not help me.

W> If you are being *overwhelmed* with forgeries, try more
W> intelligent filtering.


It's not a case of being overwhelmed with forgeries, it's a case of
being overwhelmed by _blowback_ from forgeries sent to _other sites_.

W> How many come from IPs that lack a PTR? rDNS is cached very
W> effectively.


Callout (and other forms of blowback) is coming from _mail servers_,
and therefore the vast majority of the connections are from IPs with
valid rDNS, HELO parameters that look as reasonable as they ever do,
and from IPs that are not listed in any blacklist.

Furthermore, most of the IPs that send us blowback are doing so at
very low individual rates; it's only the aggregate of a very large
number of sources that makes it a problem.

W> And how hard is it to put some /24 or /8 into your firewall that -
W> per their own netblock holders, not just some contentious RBL -
W> are NOT SUPPOSED to *ever* send mail?


Blowback by definition comes from IPs that are supposed to send mail.

--
Andrew, Supernews
http://www.supernews.com