[Mimedefang] Sender validation

Les Mikesell les at futuresource.com
Fri Jun 25 19:41:15 EDT 2004


On Fri, 2004-06-25 at 15:20, Jonas Eckerman wrote:
  
> >  rejects should start with
> >  a short life but live increasingly longer as the use count
> >  increases.
> 
> That could work. But that would also mean the database has to be updated for for every incoming mail. With a static (short) lifetime for rejects the databse would only have to be updated when a check has been done for an address.

If your server can't handle a database update, it's going to have
a hard time delivering or bouncing the message...

The thing I'm seeing recently looks like a distributed dictionary attack
probably from virus-infected PCs where the To: cycles through random
looking letter combinations but the From: has a much smaller set
of entries.   There might be several thousand a day from the same
address which is probably already being clobbered by bounces (maybe
that is the point of the virus) and these repeat as a new machine
finds the smtp receiver.  I thought it would be nice to avoid any
more connections to the spoofed From: hosts than necessary.  However,
maybe the greylist check should come first which would probably
avoid the issue in the first place.

---
  Les Mikesell
   les at futuresource.com




More information about the MIMEDefang mailing list