Re: [exim] UCEPROTECT Blacklists and why callouts are abusiv…

Author: David Saez Padros
Date:  
To: Andrew - Supernews
CC: exim users
Subject: Re: [exim] UCEPROTECT Blacklists and why callouts are abusive
Hi !!

> David> and you are missing one very important point, current smtp
> David> schema is by itself insecure, there is no widely spread way to
> David> check that the sender has really sent the message.
>
> And callout does NOT HELP THIS AT ALL, since the spammers are quite
> happy to use sender addresses that exist.


but they also use random addresses and addresses that no longer exist,
so callouts HELP me in rejecting those messages. Also I do not want to
accept any mail coming from non-existent addresses and the way to check
it is through callouts.

> David> This is a security problem that obviously when solved will
> David> imply that the receiver host will try to check the message
> David> authenticity by connecting to the sender's domain servers
> David> (SPF, DKIM, callout, whatever ...) Will you call this abuse ??
>
> DNS has both positive and negative caching with TTLs specified by the
> publisher; it is commonly cached in ways that allow sharing of caches
> over many servers and users;


callouts are also cached and regarding dns caching I think that all
providers have their own dns caches and do not use someone else's
recursive dns so dns caching is usually the same extent as callout
caching.

> it's a very lightweight protocol from the
> point of view of an authoritative server; it is easily scaled up; the
> relevant queries for SPF, DKIM, etc., are per-domain rather than
> per-user, and it _exists for the purpose of publishing information
> about domains_. None of this is true for SMTP-based callouts.


well, that's not what dns experts say, many of them said that dns txt
are being abused, also they are too small for many things (especially
if you want to keep it lightweight at udp without having to go tcp). Also
SPF can be per-user and in middle-complex cases can pass the single
query limit by far.

--
Regards and see you soon ...

The brain you have reached is out of order at this time.

----------------------------------------------------------------
    David Saez Padros                http://www.ols.es
    On-Line Services 2000 S.L.       e-mail  david@???
    Pintor Vayreda 1                 telf    +34 902 50 29 75
    08184 Palau-Solita i Plegamans   movil   +34 670 35 27 53
----------------------------------------------------------------