[Mimedefang] Need advise on how to proceed.
David F. Skoll
dfs at roaringpenguin.com
Fri Jun 11 11:37:05 EDT 2004
On Fri, 11 Jun 2004, Brian McGraw wrote:

> 1. When does the DNSRBL checking happen?
> I've integrated the checks into Sendmail, not MD or SA.

Either at connection time or RCPT time, depending on the "delay_checks"
feature.

> 2. Do the DNSRBL checks happen before, or do they prevent, Sendmail from
> checking to see whether the recipient addresses are real or not?

They usually happen before.

> The reason I ask is that I believe a large part of what is slowing us
> down is all the "User unknown" replies generated by the dictionary
> attacks. Turning off the replies is not an option, unfortunately.

You **MUST** configure your mail network to reject invalid recipients
with a 5xx code at the MX server. The good old days of having a gateway
machine that lacks knowledge of valid internal addresses are gone; such
an architecture is unsustainable in today's hostile environment.

Depending on your setup, you might be able to use md_check_against_smtp_server
to reject bad recipients at the gateway, or you may have to
hook into LDAP or some other directory system. In the worst case,
you may have to re-architect your mail system.

> Also, if a spammer sends a piece of mail with 50 people CC'd, and
> the DNSRBL decides that sender is a spammer, does the rejection
> error get sent to the sender once, or once for each person he CC'd?

Once, I believe.

> I've also tried using the throttling technique in Sendmail to slow these
> attacks, but it doesn't really seem to have helped. Is there anything
> I'm missing? Are there any options available in MD to help put a stop
> to the attacks?

Did you read the list archive? See:
http://lists.roaringpenguin.com/pipermail/mimedefang/2004-June/022774.html
--
David.
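
An added example, not part of the original post: one way the gateway-side recipient check mentioned above can look in a mimedefang-filter, using filter_recipient with md_check_against_smtp_server. The domain list, the host names and the variable names are placeholder assumptions, and the internal server is assumed to reject unknown users itself at RCPT time.

```perl
# Fragment for the mimedefang-filter file (added example, not the poster's code).
# filter_recipient is only called when mimedefang runs with recipient
# checks enabled (the -t option).

# Assumptions: placeholder domains and host names; replace with your own.
my %LocalDomains   = map { $_ => 1 } qw(example.com example.org);
my $InternalServer = 'mailstore.internal.example.com';
my $GatewayHelo    = 'mx.example.com';

sub filter_recipient {
    my ($recipient, $sender, $ip, $hostname, $first, $helo,
        $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;

    # Normalise the address: drop angle brackets, lower-case, take the domain.
    my $addr = lc $recipient;
    $addr =~ s/^<//;
    $addr =~ s/>$//;
    my ($domain) = $addr =~ /\@([^\@]+)$/;

    # Only verify recipients in domains this gateway is the MX for.
    # Anything else is left to Sendmail's normal relay rules.
    return ('CONTINUE', 'ok')
        unless defined $domain && $LocalDomains{$domain};

    # Replay MAIL FROM / RCPT TO against the internal server and hand
    # its verdict back to the client:
    #   internal 2xx -> CONTINUE (accept the recipient)
    #   internal 5xx -> REJECT   (client gets a 5xx at RCPT time)
    #   internal 4xx or unreachable -> TEMPFAIL (client retries later)
    my ($action, $msg) = md_check_against_smtp_server(
        $sender, $recipient, $GatewayHelo, $InternalServer);

    # Log rejections so a dictionary attack shows up per source IP.
    md_syslog('info', "rcpt-check: rejected $addr from $ip: $msg")
        if $action eq 'REJECT';

    return ($action, $msg);
}
```

Because the rejection is issued during the SMTP dialogue, the gateway never accepts the message and so never has to generate a "User unknown" bounce afterwards.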