On 5/7/06 10:46 AM, "Brad Knowles" <[EMAIL PROTECTED]> wrote:
> I'm curious to know -- Postfix has this address verification > feature, which is kind of like greylisting. Basically, before a > message from a given envelope sender will be accepted, the system has > to get a confirmation that the registered MXes for that envelope > sender domain will at least appear to accept messages for that sender. It's not really like greylisting, although it can stop mail from a similar--not the same--collection of servers. Exim has a similar feature, which some Exim admins use and others believe is bad citizenship. (As with Brad's comments, Exim also caches results.) Of the Exim admins who use the feature and to whom I listen the most, the feeling seems to be that this test (a) needs to be done selectively, as some servers respond oddly or uselessly (eg Yahoo), and (b) should be done after other protections have not stopped a sender. We don't presently use the Exim feature. Part of selectivity is to ensure that you don't get into a callout loop with some sender (part of which is deferring callouts where the MAIL FROM command is MAIL FROM:<> until after the DATA command (which the other server's callout should never send). Another useful defense can be to delay sending out the initial banner for a few seconds and/or delay sending the response to EHLO or HELO for a few seconds. Many of the spam engines just press on with the EHLO/HELO in the first case or the MAIL FROM: in the second case, and the receiving server can then reject the protocol violation (I don't know whether Postfix can do that). This is another case where selectivity is a good idea--there is no point in slowing things down when known white hats are sending you mail (and the delays do eat your resources--open TCP connections). --John ------------------------------------------------------ Mailman-Users mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
