Re: [exim] UCEPROTECT Blacklists and why callouts are abusiv…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Eric Kuzniar
Datum:  
To: exim-users
Betreff: Re: [exim] UCEPROTECT Blacklists and why callouts are abusive

>>
>>
>>
>>>Anyone who has run a very active mail server will tell you that
>>>callouts can use *enormous* amounts of resources if amplified
>>>appropriately.
>>>
>>>
>>>
>>does this ever happen ??
>>
>>
>>
>
>Nope - it's totally bullshit.
>
>
>


    Where bullshit means, "Yes it does really happen, just hasn't 
happened to me"


If you've ever been the victim of a massive joejob using one of your
domains as the sender you will understand why people implement SPF
despite it's failings and why people don't much care for sender
verification, C/R or even bounces. Thousands of connections a minute
from unique hosts asking if abc@??? is valid user, bounces
and C/R messages all arriving in a brief period of time pushing your
mail server to the point that they can't process legitimate e-mail. The
defers piling up legitimate email on the remote-queues, all adding up
to agony that only prescription medication eases.

It's no fun to be on that end of the fence. How could that all be
avoided? Well if every single mail-server had enough horsepower to spam
and virus scan the message before doing a callout and reject it at SMTP
time then it wouldn't hurt "yourdomain.com", but reality tends to smell
less sweet. So if you accept the message and then decide it's bad you
either generate a bounce, or risk failing in your duty of providing
reliable mail delivery. Bounces will generally take more of the
resources of the victimized domain than the callout. A bounce and a
callout for a non-existant user equals the same pain on my end of the
fence, of course what's even sweeter is when someone uses SPF fails and
SV fails as a reason to bounce the message. "We didn't accept this
message because you told us that no such user exists and that it was
sent from an IP that you say doesn't send messages for you". Gee,
thanks. SMTP is an imperfect protocol for an imperfect world. Receiving
millions of connections as a result of a joejob does happen, it's not
bull, and it sucks. I don't find that the callouts are any worse than
the bounces, doesn't mean I like getting thousands of them a minute,
either. Having said all that, at least I don't have to spam and virus
scan a callout.