[Greylist-users] OpenBSD greylisting in spamd

Bob Beck beck at bofh.cns.ualberta.ca
Thu May 27 08:26:54 PDT 2004


	Nice writeup, Jim. Thanks for the link. You may wish to 
consider posting this to misc at openbsd.org as well. 

	I do have one question, although not related to your implementation
per se - you say:

>The inbound server accepts everything and forwards the messages on to a 
>system that scans them for viruses, and delivers to the users' mailboxes. 
>If the mailbox does not exist, the mail is sent to the outbound server 
>to be bounced.

	Does this mean that you accept stuff with spoofed addresses 
and then bounce it back after accepting it? If so, I just wanted to
say "tsk tsk" and wave my finger at you :)  - Bouncing stuff to
forged senders after accepting it just makes you a bounce bomb attack
multiplier. I've been on the receiving end a few times and it's very
unpleasant, and that's why Spamhaus is encouraging people not to do it. 

See:
http://www.theregister.co.uk/2004/04/06/joejoe_dos_attack/

	In short, you should ensure that your mail server is generating 5XX
REJECT messages, NOT sending a notification to the 'From:' or Envelope
From sender, as these are (almost always) spoofed in the case of spam
and viruses. Wait until a spammer sends out several bazillion spams
with the envelope sender set to <randomdictionaryword at yourdomain.com>
and watch your mail server get unhappy fast as everyone sends you those
oh-so-helpful bounces.

If you cannot make an SMTP-time assessment of deliverability of a 
message, filter content for obvious viral and spam signatures, and do 
not generate non-delivery notices for such messages, as they frequently 
spoof the sender. Not taking these precautions makes you a vector for a 
DDoS Joe-job attack. Basically, if you do your filtering after SMTP time,
you should not be generating bounces.

	Cheers,

	-Bob
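As an added illustration of the contrast Bob draws above (example code written for this page; it is not part of the post and not spamd's own code), the following Python model compares "accept everything, then bounce" with "reject unknown recipients at RCPT TO, scan what is accepted, and never bounce spam or malware". The mailbox tables, the signature-based scanner, the forged-sender burst and the simulated SMTP replies are all constructed for the example; nothing touches the network.

```python
"""Toy model of backscatter (Joe-job) amplification versus SMTP-time rejection.

Example code, not from the mailing-list post or from OpenBSD spamd.
All data below is constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable

# Constructed stand-in for the recipient directory the MTA would consult.
VALID_MAILBOXES = frozenset({"alice@example.com", "bob@example.com"})
# Constructed: a mailbox whose delivery fails for a legitimate reason (over quota).
FULL_MAILBOXES = frozenset({"bob@example.com"})
# Constructed signature table standing in for a real virus/spam scanner.
BAD_SIGNATURES = {"VIRUS-SIG": "malware", "SPAM-SIG": "spam"}


@dataclass(frozen=True)
class Message:
    envelope_from: str  # MAIL FROM; trivially forged, so never trusted as a bounce target
    rcpt_to: str        # RCPT TO
    body: str


def rcpt_to_reply(rcpt: str) -> str:
    """SMTP-time recipient check.  A 5xx here means the body is never accepted
    and any non-delivery report is generated by the *sending* MTA toward the
    party it actually spoke to, not by us toward a forged address."""
    if rcpt.lower() in VALID_MAILBOXES:
        return "250 2.1.5 Ok"
    return "550 5.1.1 User unknown"


def scan(msg: Message) -> str:
    """Post-acceptance content scan (constructed: substring signatures)."""
    for signature, label in BAD_SIGNATURES.items():
        if signature in msg.body:
            return label
    return "clean"


def may_send_ndr(msg: Message, verdict: str) -> bool:
    """The post's rule: never originate a non-delivery notice for mail that
    scanned as spam or malware, and never to the null sender."""
    if msg.envelope_from in ("", "<>"):
        return False
    return verdict == "clean"


def accept_then_bounce(msgs: Iterable[Message]) -> list[str]:
    """The policy the post warns against: accept everything at SMTP time and
    bounce every delivery failure to the envelope sender.  Returns the
    addresses that would receive an NDR (backscatter when forged)."""
    targets = []
    for m in msgs:
        rcpt = m.rcpt_to.lower()
        if rcpt not in VALID_MAILBOXES or rcpt in FULL_MAILBOXES:
            targets.append(m.envelope_from)
    return targets


def reject_then_filter(msgs: Iterable[Message]) -> list[str]:
    """Recommended policy: 550 unknown recipients in-session, scan accepted
    mail, quarantine spam/malware silently, and gate the remaining NDRs."""
    targets = []
    for m in msgs:
        if rcpt_to_reply(m.rcpt_to).startswith("5"):
            continue  # refused at RCPT TO; no body, no NDR from us
        verdict = scan(m)
        if verdict != "clean":
            continue  # quarantine or discard; bouncing would hit a forged sender
        delivery_failed = m.rcpt_to.lower() in FULL_MAILBOXES
        if delivery_failed and may_send_ndr(m, verdict):
            targets.append(m.envelope_from)  # legitimate NDR for clean mail
    return targets


def joe_job_burst(count: int, victim_domain: str) -> list[Message]:
    """Constructed spam run: dictionary recipients, envelope senders forged
    as random words at the victim's domain."""
    return [
        Message(f"word{i}@{victim_domain}", f"guess{i}@example.com", "cheap pills SPAM-SIG")
        for i in range(count)
    ]


def backscatter_to(victim_domain: str, ndr_targets: list[str]) -> int:
    """How many of our NDRs would land on the innocent victim domain."""
    return sum(1 for t in ndr_targets if t.endswith("@" + victim_domain))


if __name__ == "__main__":
    burst = joe_job_burst(1000, "victim.example")
    print("accept-then-bounce backscatter:",
          backscatter_to("victim.example", accept_then_bounce(burst)))
    print("reject-then-filter backscatter:",
          backscatter_to("victim.example", reject_then_filter(burst)))
```

The model keeps a legitimate NDR path on purpose: clean mail from a real sender to an over-quota mailbox still earns a bounce under the recommended policy, which is the nuance Bob's "if you cannot make an SMTP-time assessment" paragraph preserves. Only spam and malware verdicts, and the null sender, suppress the notice.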
