John Levine:
> It appears that Wietse Venema <postfix-users@postfix.org> said:
> >Here's a nice writeup that illustrates why Postfix blocks ALPACA attacks.
> >
> >https://nakedsecurity.sophos.com/2021/06/11/alpaca-the-wacky-tls-security-vulnerability-with-a-funky-name/
>
> Just wondering, did you add the anti-http stuff because of ALPACA or was it
> already there?
>
Postfix 2.2 added both the GET etc. configurable forbidden word
list and header detection (changelog says 20041124).
The initial use case was blocking open proxies, but header detection
would also be useful to get rid of spambots that ignore 5XX responses
from the SMTP server.
Wietse
