Re: [exim] Sender callout verification with warning only

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Peter Bowyer
Date:  
À: exim users
Sujet: Re: [exim] Sender callout verification with warning only
On 06/07/07, Toralf Lund <toralf@???> wrote:
>
> >
> > Do you realise that callouts are considered abusive in anti-spam circles and
> > are often used in certain forms of ddos attacks ? Some major mail servers
> > even BLOCK based on the number of callouts they receive from a given IP.
> > Something like 80% of emails are spam, so 80% of your callouts are being
> > directed at totally innocent machines. Challenge response methods should be
> > considered in the same way.
> >
> I tend to consider them as a way of reducing spam, and everything that
> does is for the Greater Good, IMO. Also, I'm quite happy to receive this
> kind of requests at our server, so I'll happily use them myself -
> according to some principle we read in some holy book or the other at
> school...


You'll need to be careful about who you send callouts too, then. As
Phil says, the view that 'all callouts are abuse' has some vociferous
supporters. At the very least I suggest the following:

- maintain a list of domains you never call out to
- do as much envelope-checking as you can before triggering a callout
(DNSBLs, verify=sender, SPF pass, HELO sanity)
- expect to be listed by some agressive DNSBLs
- don't go near SPAM-L

Personally, I'd rather receive sender verification callouts than
backscatter. But that view doesn't always scale.

Peter


--
Peter Bowyer
Email: peter@???