On 2/10/2009 1:49 PM, João Miguel Neves wrote:
> Charles Marcus wrote:
>> Here's a link informing why indiscriminate use of SAV is bad, and what
>> it should be used for:
>>
>> http://www.backscatterer.org/?target=sendercallouts

> OK, I've finished reading and analyzing that text. My conclusion is that
> there's no reason not to use reject_unverified_sender.

Your conclusion is flawed.

> Most people disabled VRFY to prevent spammer tests for email addresses,
> nothing else. If you want to disable all tests for email addresses you
> accept all email for all email addresses, even non-existing ones and
> later discard the invalid ones. That's the only way to do it (and the
> reason why some of my clients are using catch-all addresses that they
> redirect to /dev/null).

Using catch-all for production mail servers is bad. It breaks recipient
validation - meaning, if Some Important Person sends an email to the
owner of one of the companies you are hosting, and typos his email
address, the sender will NOT get an NDR, and will NOT know that his
important message was not delivered.

Security by obscurity simply does not work... it causes far more
problems than it solves, one of which is a FALSE sense of security.

> 2) That a spammer can create a DDOS using SAV.
> 
> You'll get a connection per server to which those were sent (postfix
> caches the request, so it will only validate an email address once).
> 
> SAV actually helps reduce the effect of the DDOS attack. In the non-SAV
> scenario, you get 30 million bounce messages. In the SAV scenario, each
> server does one check per email address (that costs you less bandwidth
> and disk space than a bounce message) and that single check will avoid
> several bounce messages.

As I said, your conclusion is terribly flawed.

> 3) That SAV might create a loop.
> 
> The SAV check in postfix is done with the postmaster address by default.
> If the target server does the same check back, then the SAV server
> replies that postmaster is valid (assuming it's well-configured and
> RFC-compliant).
> 
> Have I missed anything?

Every SAV your server performs is arguably an ABUSE of the server being
probed. For small sites, that abuse would be negligible and even
unnoticeable.

I agree with John. Please provide all IP addresses you are using so I
can block them all now.

-- 

Best regards,

Charles

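As an added example (not from Charles's or João's messages), here is the Postfix configuration contrast behind the catch-all point above: a catch-all alias that makes every address "exist" versus explicit recipient maps that let the server reject unknown recipients during the SMTP dialogue, so the sending MTA produces the non-delivery report itself. The domain, file paths and mailbox names are assumed.

```conf
# Added example, not configuration from the thread. Domain, map paths and
# mailbox names are assumed; adjust to the hosted domain.

# --- Weak: catch-all alias that silently swallows mistyped addresses ---
# virtual_alias_domains = example.com
# virtual_alias_maps    = hash:/etc/postfix/virtual
# /etc/postfix/virtual would contain:
#   @example.com    devnull@localhost     # every local part "exists"
# Effect: a typo in the recipient is accepted at RCPT TO and discarded
# later, so the sender never learns the message was not delivered.

# --- Corrected: enumerate real mailboxes so unknown recipients are
#     rejected at RCPT TO, before the message is ever accepted ---
virtual_mailbox_domains = example.com
virtual_mailbox_maps    = hash:/etc/postfix/vmailbox
virtual_alias_maps      = hash:/etc/postfix/virtual

# /etc/postfix/vmailbox lists only mailboxes that really exist:
#   owner@example.com        example.com/owner/
#   info@example.com         example.com/info/
# /etc/postfix/virtual keeps only deliberate aliases, including the
# postmaster role address the thread expects every MTA to accept:
#   postmaster@example.com   owner@example.com
#   abuse@example.com        owner@example.com
# Rebuild the lookup tables after editing: postmap /etc/postfix/vmailbox

smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unlisted_recipient
```

With the corrected form, a mistyped address receives a 5xx reply in the SMTP session and the remote server generates the NDR, which is the behaviour the catch-all setup loses.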