[Mimedefang] Sender validation
Les Mikesell
les at futuresource.com
Fri Jun 25 19:41:15 EDT 2004
On Fri, 2004-06-25 at 15:20, Jonas Eckerman wrote:
> > rejects should start with
> > a short life but live increasingly longer as the use count
> > increases.
>
> That could work. But that would also mean the database has to be updated for for every incoming mail. With a static (short) lifetime for rejects the databse would only have to be updated when a check has been done for an address.
If your server can't handle a database update, it's going to have
a hard time delivering or bouncing the message...
The thing I'm seeing recently looks like a distributed dictionary attack
probably from virus-infected PCs where the To: cycles through random
looking letter combinations but the From: has a much smaller set
of entries. There might be several thousand a day from the same
address which is probably already being clobbered by bounces (maybe
that is the point of the virus) and these repeat as a new machine
finds the smtp receiver. I thought it would be nice to avoid any
more connections to the spoofed From: hosts than necessary. However,
maybe the greylist check should come first which would probably
avoid the issue in the first place.
---
Les Mikesell
les at futuresource.com
More information about the MIMEDefang
mailing list