On Saturday, December 27, 2003 5:14 PM [GMT-5=EST], Doug Luce <[EMAIL PROTECTED]> wrote:
> This reminds me:
>
> I'm scared to death of false positives. So much so that every email that
> triggers a positive from Spamassassin (i.e. several thousand spams a day)
> gets a response. It tries to be as polite as possible, both by being
> good-natured in tone and by both a "Precedence: bulk" header and an
> application-specific X-header to break loops.
>
> It's worked well enough for me to plan an implementation for an email
> system I run (servicing about 70k users). There are no real anti-DDOS
> provisions in it that would prevent someone from sending several million
> messages with a forged SMTP envelope to flood someone's mailbox
> quasi-anonymously.
>
> I haven't ever heard of this sort of system being used. Other than the
> obvious problems (like above, and the fact that it generates a LOT of mail
> that's going nowhere). Does anyone know of a precedent? Or wants to pick
> apart the idea in terms of community effect?
>

Integrate SpamAssassin into your mailer daemon so it rejects in realtime. That way, the server trying to dump the spam on you gets a reject message right away, so that you don't generate a bounce yourself. It's unlikely to generate a bounce if it's a proxy, as it's not a real SMTP server obviously.

I do this with EXIM - it lets the message go through until right after the DATA stage. Rejects as soon as the data stage is done. It also archives the message so I can review later/send to spamcop/whatever. I've been told this technically violates one of the RFCs, but I haven't been able to find anything to support that.

The more you can do in realtime, the less likely that you'll generate unnecessary rejection traffic that might flood someone else.

--
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org

The AHBL - http://www.ahbl.org
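
The two approaches in this thread, as an added example that is not part of the original messages and is not Exim or SpamAssassin code: a toy receiving-side SMTP session in Python that either rejects at the end of DATA or accepts and then replies to the envelope sender. The `score` function, the policy names, and all hostnames and addresses are constructed stand-ins.

```python
# Added illustration: receiving side of an SMTP session under two spam policies.
# score() is a constructed stand-in for a SpamAssassin verdict, not its API.
def score(body):
    return 10.0 if "buy now" in body.lower() else 0.0

# Constructed transcript: the envelope sender is forged by the spammer.
SPAM = ["HELO relay.example.test", "MAIL FROM:<victim@example.org>",
        "RCPT TO:<user@example.net>", "DATA", "Subject: hi", "", "BUY NOW", "."]

class Session:
    def __init__(self, policy, threshold=5.0):
        self.policy = policy      # "reject_at_data" or "accept_then_reply"
        self.threshold = threshold
        self.sender, self.rcpts, self.lines = None, [], []
        self.in_data = False
        self.outbound = []        # mail this server itself generates
        self.archive = []         # rejected mail kept for later review

    def feed(self, line):
        """Process one client line; return the SMTP reply, or None inside DATA."""
        if self.in_data:
            if line != ".":       # dot-stuffing is ignored in this toy model
                self.lines.append(line)
                return None
            self.in_data = False
            return self._end_of_data()
        verb = line.upper()
        if verb.startswith(("HELO", "EHLO")):
            return "250 mx.example.test"
        if verb.startswith("MAIL FROM:"):
            self.sender = line[10:].strip(" <>")
            return "250 OK"
        if verb.startswith("RCPT TO:"):
            self.rcpts.append(line[8:].strip(" <>"))
            return "250 OK"
        if verb == "DATA":
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        return "502 Command not implemented"

    def _end_of_data(self):
        body = "\n".join(self.lines)
        if score(body) < self.threshold:
            return "250 OK: queued"
        if self.policy == "reject_at_data":
            self.archive.append((self.sender, body))
            return "550 Rejected as spam"  # this server sends no mail at all
        # accept_then_reply: the notice goes to the envelope sender, forged or not
        self.outbound.append({"to": self.sender, "Precedence": "bulk"})
        return "250 OK: queued"

def run(policy, lines):
    s = Session(policy)
    return [s.feed(l) for l in lines][-1], s
```

With `reject_at_data` the connecting host receives the 550 inside its own session and `outbound` stays empty; with `accept_then_reply` the server queues a message to whatever address was in `MAIL FROM`.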