a note to those who would automate their rejection notices
bruns at 2mbit.com
Sat Dec 27 22:24:14 UTC 2003
On Saturday, December 27, 2003 5:14 PM [GMT-5=EST], Doug Luce
<doug at nanog.con.com> wrote:
> This reminds me:
> I'm scared to death of false positives. So much so that every email that
> triggers a positive from Spamassassin (i.e. several thousand spams a day)
> gets a response. It tries to be as polite as possible, both by being
> good-natured in tone and by both a "Precedence: bulk" header and an
> application-specific X-header to break loops.
> It's worked well enough for me to plan an implementation for an email
> system I run (servicing about 70k users). There are no real anti-DDOS
> provisions in it that would prevent someone from sending several million
> messages with a forged SMTP envelope to flood someone's mailbox
> I haven't ever heard of this sort of system being used. Other than the
> obvious problems (like above, and the fact that it generates a LOT of mail
> that's going nowhere). Does anyone know of a precedent? Or wants to pick
> apart the idea in terms of community effect?
Integrate SpamAssassin into your mailer daemon so it rejects in realtime.
That way, the server trying to dump the spam on you gets a reject message
right away, so that you don't generate a bounce yourself. Its unlikely to
generate a bounce if its a proxy, as its not a real SMTP server obviously. I
do this with EXIM - it lets the message go through until right after the DATA
stage. Rejects as soon as the data stage is done. It also archives the
message so I can review later/send to spamcop/whatever. I've been told this
technically violates one of the RFCs, but I haven't been able to find anything
to support that.
The more you can do in realtime, the less likely that you'll generate
unnecessary rejection traffic that might flood someone else.
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
The AHBL - http://www.ahbl.org
More information about the NANOG