[Mimedefang] relaying for multiple domains and servers and LDAP lookups

WBrown at e1b.org WBrown at e1b.org
Wed Apr 21 11:18:09 EDT 2004


mimedefang-bounces at lists.roaringpenguin.com wrote on 04/21/2004 09:51:20 AM:

> 
> Since I am assuming by LDAP, you really mean MS LDAP or AD for Microsoft
> Exchange, I *really* recommend the LDAP to Access table solution.

Actually, they are mostly Lotus Domino servers, but we are filtering for 
one Exchange server already.  They are all in separate internet domains.
 
> A) it's the most basic level to reject the connection with sendmail before
> throwing the email to a 20MB+ program

That's why I was interested in building a single aggregate LDAP and 
pointing sendmail at it.

> C) all the research and reading we have done tells us that an NT/2K/2K3
> server will NOT withstand a dictionary attack that causes LDAP lookups
> galore.  The concept of "lightweight" behooves Microsoft programmers ;-)  In
> fact, the threshold was ridiculously low like 3 queries per second tying up
> a 450Mhz PII server.  Granted you might have a better server but still,
> that's ridiculous scalability.

Somehow I am not surprised.  You mean "lightweight" doesn't mean 
"collapse under slight load"?  <g>

> In closing, a second solution I might suggest is the idea I had for the
> check against SMTP server in MD.  In short, build a DB tie that caches
> correct and incorrect answers on the fly and expires them periodically.
> Unfortunately, because of dictionary attacks, this could lead to a
> *potential* DoS if you get 4 billion incorrect requests on a server with 15
> correct answers.

Sure, if I was more of a programmer!! I used to be, but have been on the 
system admin (especially mail servers of late) side of things for quite a 
while and the programming skills are pretty rusty!  I'm still learning the 
basics of perl.  This sounds like it would be a bit of a project.
 
> I can also recommend, for those that haven't figured this out yet, do NOT
> use first name emails (i.e. bob at bobsdomain.org).  Use's multi-name,
> firstname.lastname, firstinitial.lastname, etc. etc.  We are DEFINITELY
> seeing ratware that is taking SPAM lists and DOMAIN lists and lists of names
> and combining it all into super dictionary attacks.  Think about entire days
> filled with nothing but email addresses starting with
> A?????????????????@mydomain.com...

For the most part, it's FirstinitialLastname without a separator.  Makes 
it easy to send someone email, but also easy for the spammers.  I'm 
convinced that sender authentication like SPF is the way to go.  I was 
reading the spooge from Microsoft about Domain keys, and he wants to 
violate RFCs by using underscores in DNS records.  Not to mention the 
complexity of XML in DNS records.  What's wrong with plain text in the 
right format?  (OK, getting off the soapbox now)

> <SCARY THOUGHT FOR DAY>

What's really scary is I had the same thought about a GAIN type network 
of spam zombies yesterday!  Were you eavesdropping on my thoughts in the 
shower?  <VBG>
 
> <HAPPY THOUGHT FOR DAY>
> If the above happened, the "legitimate" spyware programs would all look
> REALLY bad and be lambasted by the media, FTC, consumer groups, consumers,
> gophers, etc.
> </HAPPY THOUGHT FOR DAY>

Why can't spyware be prosecuted under current hacking laws (at least in 
the US) as an illegal use of computer resources - CPU cycles if nothing 
else?  For that matter, do the same with virus writers.
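
The caching idea quoted above (remember correct and incorrect answers, expire them periodically), with the incorrect-answer side capped so a dictionary run cannot grow it without bound. This is an added example, not code from the thread or from MIMEDefang; the TTLs, the cap, the addresses and the `recipient_ok`/`forget_bad` names are assumptions, and it uses an in-memory hash rather than a DB tie.

```perl
use 5.010;
use strict;
use warnings;

# Assumed tuning values, not taken from the thread.
my $POS_TTL = 3600;   # seconds a valid recipient stays cached
my $NEG_TTL = 300;    # seconds an invalid recipient stays cached
my $NEG_MAX = 100;    # hard cap on cached invalid recipients
my (%good, %bad);     # address => expiry time (epoch seconds)
my @bad_order;        # keys of %bad, oldest insertion first

# Drop one invalid-recipient entry from both the hash and the FIFO.
sub forget_bad {
    my ($addr) = @_;
    return unless exists $bad{$addr};
    delete $bad{$addr};
    @bad_order = grep { $_ ne $addr } @bad_order;
}

# Returns 1 if $addr is deliverable, 0 if not. $lookup is the slow back-end
# check (LDAP query, SMTP callout); it runs only on a miss or expired entry.
sub recipient_ok {
    my ($addr, $lookup, $now) = @_;
    $addr = lc $addr;
    $now //= time;
    return 1 if ($good{$addr} // 0) > $now;
    return 0 if ($bad{$addr}  // 0) > $now;
    if ($lookup->($addr)) {
        $good{$addr} = $now + $POS_TTL;
        forget_bad($addr);
        return 1;
    }
    delete $good{$addr};
    push @bad_order, $addr unless exists $bad{$addr};
    $bad{$addr} = $now + $NEG_TTL;
    # Cap the negative cache so a dictionary run cannot grow memory.
    forget_bad($bad_order[0]) while @bad_order > $NEG_MAX;
    return 0;
}

# Constructed demo: two mailboxes and a counting stand-in for the directory.
my %directory = map { $_ => 1 } qw(wbrown@example.org jsmith@example.org);
my $queries = 0;
my $ldap = sub { $queries++; return $directory{ $_[0] } };
my $t = 1_000_000;
recipient_ok('wbrown@example.org', $ldap, $t);
recipient_ok("a$_\@example.org", $ldap, $t) for 1 .. 1000;  # dictionary run
recipient_ok('WBrown@example.org', $ldap, $t);               # cache hit
printf "back-end queries=%d good=%d bad=%d\n",
    $queries, scalar(keys %good), scalar(keys %bad);
```

The cap bounds memory only; each previously unseen invalid address still costs one back-end query.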


