[Greylist-users] OpenBSD greylisting in spamd

Bob Beck beck at bofh.cns.ualberta.ca
Thu May 27 08:26:54 PDT 2004

	Nice writeup Jim, thanks for the link. You may wish to 
consider posting this to misc at openbsd.org as well. 

	I do have one question, although not related to your implementation
per se - You say:

>The inbound server accepts everything and forwards the messages on to a 
>system that scans them for viruses, and delivers to the users' mailboxes. 
>If the mailbox does not exist, the mail is sent to the outbound server 
>to be bounced.

	Does this mean that you accept stuff with spoofed addresses 
and then bounce it back after accepting it? If so, I just wanted to
say "tsk tsk" and wave my finger at you :)  - Bouncing stuff to
forged senders after accepting it just makes you a bounce bomb attack
multiplier. I've been on the receiving end a few times and it's very
unpleasant, and why spamhaus is encouraging people not to do it. 


	In short, you should ensure that your mail server is generating 5XX
REJECT messages, NOT sending a notification to the 'From:' or Envelope
From sender, as these are (almost always) spoofed in the case of spam
and viruses. Wait until a spammer sends out several bazillion spams
with the envelope sender set to <randomdictionaryword at yourdomain.com>
and watch your mail server get unhappy fast as everyone sends you those
oh-so-helpful bounces.

If you cannot make an SMTP-time assessment of deliverability of a 
message, filter content for obvious viral and spam signatures, and do 
not generate nondelivery notices for such messages, as they frequently 
spoof sender. Not taking these precautions makes you a vector for a 
DDoS Joe-job attack. Basically, if you do your filtering after smtp-time
you should not be generating bounces.
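The two policies contrasted in the post above, as an added example (not code from the post or from spamd): an SMTP-time recipient check that answers RCPT TO with a 5XX, beside an accept-everything-then-bounce setup, counting the nondelivery notices each would send to a forged envelope sender during a dictionary run. The domain names, mailbox list and message set are constructed for the example.

```python
# Added example: SMTP-time 5XX reject versus accept-then-bounce, and the
# backscatter each policy sends to the (forged) envelope sender.
from dataclasses import dataclass

KNOWN_MAILBOXES = {"alice@example.net", "bob@example.net"}  # constructed
LOCAL_DOMAIN = "example.net"                                # constructed


@dataclass(frozen=True)
class Message:
    envelope_from: str  # MAIL FROM; spam and viruses almost always forge this
    rcpt_to: str        # RCPT TO
    is_spam: bool       # what a post-acceptance content filter would decide


def rcpt_response(rcpt_to, mailboxes=KNOWN_MAILBOXES, local_domain=LOCAL_DOMAIN):
    """Recipient check done in the SMTP session. A 5XX here leaves failure
    handling with the *sending* MTA, so this server never emits a bounce."""
    addr = rcpt_to.lower()
    if not addr.endswith("@" + local_domain):
        return "550 5.7.1 Relaying denied"
    if addr not in mailboxes:
        return "550 5.1.1 User unknown"
    return "250 2.1.5 OK"


def deliver(messages, reject_at_smtp_time):
    """Return (delivered, bounces): bounces maps the envelope-sender domain to
    the number of nondelivery notices this policy would send to it."""
    delivered, bounces = [], {}
    for m in messages:
        if reject_at_smtp_time:
            if not rcpt_response(m.rcpt_to).startswith("250"):
                continue  # refused in-session; nothing was accepted to bounce
            if m.is_spam:
                continue  # caught after acceptance: discard, never notify
            delivered.append(m)
        else:
            # accept everything, scan later, bounce whatever cannot be delivered
            if m.rcpt_to.lower() in KNOWN_MAILBOXES and not m.is_spam:
                delivered.append(m)
            else:
                dom = m.envelope_from.rsplit("@", 1)[-1]
                bounces[dom] = bounces.get(dom, 0) + 1
    return delivered, bounces


# Constructed run: 1000 spams with forged senders at one victim domain, plus
# one legitimate message, all aimed at this server.
SAMPLE = [Message(f"word{i}@victim.example", f"user{i}@example.net", True)
          for i in range(1000)]
SAMPLE.append(Message("friend@remote.example", "alice@example.net", False))
```

With the accept-then-bounce policy the victim domain receives 1000 notices it never asked for; with the SMTP-time reject it receives none and the one legitimate message is still delivered.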
