On Thu, 2004-03-11 at 21:01, Daryle A. Tilroe wrote:
> Eugene Crosser wrote:
> > On Thu, 2004-03-11 at 03:37, Daryle A. Tilroe wrote:
> >
> >>And, of course, is this the only solution for right now? I.E.
> >>is there no way to hack the rejection at SMTP conversation time?
> >
> > If I understand right, once you have 'PARAM enable-router' you get
> > messages for non-existent users rejected at smtp session (unless you
> > also have ROUTEUSER_IN_ABNORMAL_UNIX set to non-empty value).
> >
> > For me, spawning router for every 'rcpt to' address would be too
> > costly...
>
> I did not realize this was already possible. Should really RTFM a
> bit more once in a while :). How serious is the security issue
> it describes in smtpserver.conf? I am assuming that with a modest
> 100 users on the system doubling the router load should not be too
> bad. That is the impact isn't it? Having to run the router once
> during the smtp conversation and once more to process the email.

OK gents, I took a deep breath and turned on enable-router, and 't' flag
on the '*' helo pattern. Contrary to my fears, this did not cause any
noticeable increase in load average. Actually, I think it even became a
bit lower than before. Maybe because there are now fewer queue files to
deal with.

So, I can recommend this solution to those who want to stop sending out
misdirected DSNs. Be aware that turning on session-time user
verification also opens a way for "dictionary attack" by spammers who
want to collect your actual customer list (hmm, maybe add smtp_tarpit()
there?).

Eugene
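The tarpit idea raised at the end of the message, as an added example (not part of the original post and not ZMailer code): a per-client policy that delays replies as unknown-recipient rejections accumulate, so session-time verification becomes slow to use for address harvesting. The class name, thresholds and sample events are assumptions chosen for illustration.

```python
from collections import defaultdict

# Assumed policy knobs (hypothetical, not ZMailer settings).
FREE_REJECTS = 2    # unknown recipients tolerated before any delay
BASE_DELAY = 1.0    # seconds, first tarpit delay
MAX_DELAY = 30.0    # cap so one client cannot hold a server process forever
DROP_AFTER = 8      # rejects after which the session should be closed


class RcptTarpit:
    """Tracks unknown-recipient rejections per client IP and returns a delay."""

    def __init__(self):
        self.rejects = defaultdict(int)

    def on_rcpt(self, client_ip, recipient_exists):
        """Return (action, delay_seconds) for one RCPT TO verification result."""
        if recipient_exists:
            return ("accept", 0.0)
        self.rejects[client_ip] += 1
        n = self.rejects[client_ip]
        if n >= DROP_AFTER:
            return ("drop", MAX_DELAY)
        if n <= FREE_REJECTS:
            # A typo or a stale address book entry should cost nothing.
            return ("reject", 0.0)
        # Exponential back-off: 1s, 2s, 4s, ... capped at MAX_DELAY.
        delay = min(BASE_DELAY * 2 ** (n - FREE_REJECTS - 1), MAX_DELAY)
        return ("reject", delay)


def replay(events):
    """Run constructed (client_ip, recipient_exists) events through the policy."""
    tarpit = RcptTarpit()
    return [tarpit.on_rcpt(ip, ok) for ip, ok in events]


# Constructed sample: one client with nine unknown recipients in a row, and
# one ordinary sender with a single typo. IPs are documentation ranges.
SAMPLE = [("192.0.2.10", False)] * 9 + [
    ("198.51.100.7", True), ("198.51.100.7", False), ("198.51.100.7", True)]

if __name__ == "__main__":
    for (ip, ok), (action, delay) in zip(SAMPLE, replay(SAMPLE)):
        print(f"{ip:15} exists={ok!s:5} -> {action:6} delay={delay:.0f}s")
```

The per-IP counter here never expires; a real deployment would age entries out so that a shared relay is not penalised indefinitely.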