John Levine: > It appears that Wietse Venema <postfix-users@postfix.org> said: > >Here's a nice writeup that illustrates why Postfix blocks ALPACA attacks. > > > >https://nakedsecurity.sophos.com/2021/06/11/alpaca-the-wacky-tls-security-vulnerability-with-a-funky-name/ > > Just wondering, did you add the anti-http stuff because of ALPACA or was it > already there? >
Postfix 2.2 added both the GET etc. configurable forbidden word list and header detection (changelog says 20041124). The initial use case was blocking open proxies, but header detection would also be useful to get rid of spambots that ignore 5XX responses from the SMTP server. Wietse