[Mimedefang] Dictionary attacks, NDRs etc..

David F. Skoll dfs at roaringpenguin.com
Fri Dec 5 12:31:56 EST 2003


On Fri, 5 Dec 2003, Fred Felgenhauer wrote:

> > You should be doing your test in filter_recipient; if you reject a
> > recipient there, it won't get added to @Recipients, the sender will
> > get a 5XX code, and you may even reduce the number of recipients to
> > 1 (which will let you avoid streaming) or 0 (which will skip all
> > the content-filtering.)

> I admit I have not read the RFC dealing with the above but,
> in the above we are telling the spammer which addresses are good
> and which are bad?

Yes.

> This is a serious security breach.

I disagree.  Security through obscurity is practically worthless; if you
think hiding valid e-mail addresses makes your system more secure, think
again.

> If I was a spammer I could write
> a program to mine all good addresses using the same process.

This would quickly be detected with the BadRcptThrottle setting.
Honestly, I see very few dictionary attacks lately; it's much easier
to mine e-mail addresses with other means.

> Would it not be better to do the LDAP lookup and simply remove
> the recipient in @Recipients and not give the spammer any idea
> which addresses are good or bad?

You could do that, but that would be a policy decision on your part that
could allow legitimate e-mail to be blackholed.

> It may violate an RFC but aren't we in a "War against SPAM"?

No.  (At least, I am not.)  I'm trying to make e-mail a useful tool
again; that's the mission of Roaring Penguin.  Part of our mission
involves blocking spam.  But an important part also involves
respecting the RFCs so legitimate senders never get confused by mail
that vaporizes without a trace.  Balancing the two is tricky, and I believe
we do a pretty good job.

Regards,

David.
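An added example, not from the thread or the MIMEDefang project, showing the approach David recommends: a filter_recipient hook that refuses unknown local recipients at RCPT time so they are never added to @Recipients. The in-memory mailbox table, the example.com domain and the recipient_exists helper are constructed stand-ins for the LDAP lookup Fred mentions.

```perl
# Goes in mimedefang-filter; mimedefang must run with -r so that
# filter_recipient is called once per RCPT TO: command.
use strict;
use warnings;

# Constructed sample directory: the local domain and its valid mailboxes.
my $local_domain  = 'example.com';
my %valid_mailbox = map { $_ => 1 } qw(alice bob postmaster);

# Stand-in for the LDAP lookup: true if the mailbox exists locally.
sub recipient_exists {
    my ($localpart, $domain) = @_;
    return 0 unless lc($domain) eq $local_domain;
    return exists $valid_mailbox{ lc $localpart } ? 1 : 0;
}

# MIMEDefang passes the recipient in angle brackets, e.g. <bob@example.com>.
sub filter_recipient {
    my ($recipient, $sender, $ip, $hostname, $first, $helo,
        $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;

    # Strip the brackets and split into local part and domain.
    (my $addr = $recipient) =~ s/^<(.*)>$/$1/;
    my ($localpart, $domain) = split /\@/, $addr, 2;

    # Not one of our domains: leave the decision to the MTA's relay policy.
    return ('CONTINUE', 'ok')
        unless defined $domain && lc($domain) eq $local_domain;

    # Unknown local mailbox: refuse it now. The sender gets a 5xx reply at
    # RCPT time instead of a message that is accepted and then vanishes,
    # and the recipient never reaches @Recipients or the content filter.
    return ('REJECT', "Recipient $addr does not exist here")
        unless recipient_exists($localpart, $domain);

    return ('CONTINUE', 'ok');
}

1;
```

With every recipient of a message rejected this way, filter_begin and the rest of the content filter never run for it, which is the cost saving David describes.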


