Re: [exim] Sender callout verification on BATV signed addres…

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: W B Hacker
Data:  
Para: exim users
Asunto: Re: [exim] Sender callout verification on BATV signed addresses
David Saez Padros wrote:
> Hi
>
>> I think you will find that the MX's for ols.es are indeed listed at
>> backscatterer.org :
>>
>>       Testresult for 78.129.233.52:
>>       This IP IS CURRENTLY LISTED in our Database.

>
> just thinking a bit about this: this is the kind of useless rbl
> that seems more a revenge of the author against the world than
> something useful (*) If you see how ip's are listed in this rbl
> you will notice that both bounces and callouts are exclusivelly
> done by real servers. So if you use it to reject anything from
> those ip's you will mostly reject legitimate mail, if you use this
> rbl to reject callouts then mail comming from your server to
> the servers listed in this rbl will be rejected (because it will
> fail the callout). In the other hand we do callouts with a special
> username (not <>) to avoid problems with servers rejecting bounces
> so you can use this rbl to reject callouts but you will not catch
> our callouts (and many others). The only use of this rbl as a
> blacklist is if you are under a ddos attack (*)
>
> If you read the arguments against callout it says that callouts are
> a broken technique but that's not true (at most a deficient
> implementation of sender callout could be broken) and the problem
> he has is not about sender callouts is about people forging his
> domain, which he can prevent by publishing spf records. Same for
> backscatter, there is nothing in any RFC i have read that says that
> bounces are only for local users, in fact what you can read in RFC's
> about bounces is that you should accept them (another question is
> that is obvious that is much better to reject at smtp time than
> generate bounces)
>
> (*) Please notice that as this rbl only lists real email servers
> in fact it can be used as a whitelist, which is the most useful
> use i can image of it
>


*sigh*

What does your beloved callout do to 'avoid problems' when it runs into this:

smtp_accept_max_per_host         = 1


Saves the carbon budget if each registered class of fool would agree to
communicate only with other fools registered in the same fool-class would it not?

;-)


Bill