Christopher Chan wrote:
> 
>> You are removing a layer if you just pass through the recipient check to the
>> ultimate source (the internal delivery machine) before accepting, and it does
>> in fact need to be able to handle the lookups at the speed real messages come
>> in. However, your external relay is likely to get whacked with a dictionary
>> attack that it needs to be able to reject quickly so you can't do that if the
>> delivery box is slow.
> 
> OH are we? So what happens when the frontend hands off to the internal 
> delivery machine? Does not the internal delivery machine again do 
> another lookup?

Yes, but it is pretty unlikely that the results will be different since they
are both done quickly against the authoritative source.  Unlike if you had made
an intermediate copy of the database.

>> I used qmail for one of my domains a while back and its practice of
>> accepting everything, then sending bounces got a dictionary attack onto some
>> kind of 'good to spam' list and I got about 50,000 messages/day for
>> non-existing users for years afterwards.  That was a problem until I put a
>> sendmail with the good users in a virtuser table in front of it.
>> Interestingly, the messages would come in from a large number of different
>> IP addresses but in a sorted order and with clearly coordinated timing.
>>
> 
> 
> /me shudders to think of anyone running a pure qmail-1.03 for a mx.

But no one could convince the author that it was anything short of perfect - or 
that anyone else was qualified to touch the code.

-- 
   Les Mikesell
    lesmikes...@gmail.com
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
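
Added example, not part of the original thread: a sketch of how a front-end relay's logs could be checked for the pattern described above, where unknown recipients arrive in sorted order, close together in time, from many different IP addresses. The log format, user list, function names and thresholds are all constructed assumptions, not any real MTA's output.

```python
import re
from datetime import datetime

# Constructed sample in a hypothetical log format: one RCPT attempt per line.
SAMPLE_LOG = """\
2009-03-01T10:00:00 ip=192.0.2.10 rcpt=les@example.com
2009-03-01T10:00:01 ip=198.51.100.7 rcpt=aaron@example.com
2009-03-01T10:00:02 ip=203.0.113.5 rcpt=abby@example.com
2009-03-01T10:00:03 ip=192.0.2.44 rcpt=adam@example.com
2009-03-01T10:00:04 ip=198.51.100.9 rcpt=adrian@example.com
2009-03-01T10:00:05 ip=203.0.113.80 rcpt=alan@example.com
2009-03-01T10:07:30 ip=192.0.2.10 rcpt=zed@example.com
2009-03-01T10:09:00 ip=192.0.2.10 rcpt=bob@example.com
"""
VALID_USERS = {"les", "chris"}  # constructed stand-in for the authoritative user list

LINE_RE = re.compile(r"^(\S+) ip=(\S+) rcpt=([^@\s]+)@\S+$")

def parse(log):
    """Yield (time, ip, local_part) for each well-formed line; skip the rest."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3).lower()

def find_dictionary_runs(log, valid, min_len=4, min_ips=3, max_gap=60):
    """Return runs of unknown recipients that arrive in sorted order, at most
    max_gap seconds apart, from at least min_ips distinct source addresses."""
    runs, cur = [], []

    def flush():
        # Record the current run only if it is long and distributed enough.
        if len(cur) >= min_len and len({ip for _, ip, _ in cur}) >= min_ips:
            runs.append({"recipients": [u for _, _, u in cur],
                         "sources": sorted({ip for _, ip, _ in cur})})

    for ts, ip, user in parse(log):
        if user in valid:
            continue  # legitimate mail interleaves with the attack; ignore it
        # A run ends when the sort order breaks or the timing gap is too large.
        if cur and (user < cur[-1][2] or (ts - cur[-1][0]).total_seconds() > max_gap):
            flush()
            cur = []
        cur.append((ts, ip, user))
    flush()
    return runs
```

On the constructed sample this reports one run of five unknown recipients from five sources; the two later stray misses from a single address are not flagged.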
