[Greylist-users] OpeBSD greylisting in spamd
Bob Beck
beck at bofh.cns.ualberta.ca
Thu May 27 08:26:54 PDT 2004
Nice Writeup Jim, Thanks for the link. You may wish to
consider posting this to misc at openbsd.org as well.
I do have one question, although not related to your implementation
per-say - You say:
>The inbound server accepts everything and forwards the messages on to a
>system that scans them for viruses, and delivers to the users mailboxes.
>If the mailbox does not exist, the mail is sent to the outbound server
>to be bounced.
Does this mean that you accept stuff with spoofed addresses
and then bounce it back after accepting it, if so, I just wanted to
say "tsk tsk" and wave my finger at you :) - Bouncing stuff to
forged senders after accepting it just makes you a bounce bomb attack
multiplier. I've been on the recieving end a few times and it's very
unpleasant, and why spamhaus is encouraging people not to do it.
See:
http://www.theregister.co.uk/2004/04/06/joejoe_dos_attack/
In short, you should Ensure that your mail server is generating 5XX
REJECT messages, NOT sending a notification to the 'From:' or Envelope
>From sender, as these are (almost always) spoofed in the case of spam
and viruses. Wait until a spammer sends out several bazillion spams
with the envelope sender set to <randomdictionaryword at yourdomain.com>
and watch your mail server get unhappy fast as everyone sends you those
oh-so helpful bounces.
If you cannot make an SMTP-time assessment of deliverability of a
message, filter content for obvious viral and spam signatures, and do
not generate nondelivery notices for such messages, as they frequently
spoof sender. Not taking these precautions makes you a vector for a
DDoS Joe-job attack. Basically, if you do your filtering after smtp-time
you should not be generating bounces.
Cheers,
-Bob
More information about the Greylist-users
mailing list