[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: spamcop blacklisting servers for misdirected DSN messages



On Thu, 2004-03-11 at 21:01, Daryle A. Tilroe wrote:
> Eugene Crosser wrote:
> > On Thu, 2004-03-11 at 03:37, Daryle A. Tilroe wrote:
> > 
> >>And, of course, is this the only solution for right now?  I.E.
> >>is there no way to hack the rejection at SMTP conversation time?
> > 
> > If I understand right, once you have 'PARAM enable-router' you get
> > messages for non-existent users rejected at smtp session (unless you
> > also have ROUTEUSER_IN_ABNORMAL_UNIX set to non-empty value).
> > 
> > For me, spawning router for every 'rcpt to' address would be too
> > costly...
> 
> I did not realize this was already possible.  Should really RTFM a
> bit more once in a while :).  How serious is the security issue
> it describes in smtpserver.conf?  I am assuming that with a modest
> 100 users on the system doubling the router load should not be too
> bad.  That is the impact isn't it?  Having to run the router once
> during the smtp conversation and once more to process the email.

OK gents,

I took a deep breath and turned on enable-router, and 't' flag on the
'*' helo pattern.  Contrary to my fears, this did not cause any
noticable increase in load average.  Actually, I think it even became a
bit lower than before.  Maybe because there is now less queue files to
deal with.

So, I can recommend this solution to those who want to stop sending out
misdirected DSNs.

Be aware that turning on session-time user verification also opens a way
for "dictionary attack" by spammers who want to collect your actual
customer list (hmm, maybe add smtp_tarpit() there?).

Eugene

This is a digitally signed message part