a note to those who would automate their rejection notices
Brian Bruns
bruns at 2mbit.com
Sat Dec 27 22:24:14 UTC 2003
On Saturday, December 27, 2003 5:14 PM [GMT-5=EST], Doug Luce
<doug at nanog.con.com> wrote:
> This reminds me:
>
> I'm scared to death of false positives. So much so that every email that
> triggers a positive from Spamassassin (i.e. several thousand spams a day)
> gets a response. It tries to be as polite as possible, both by being
> good-natured in tone and by both a "Precedence: bulk" header and an
> application-specific X-header to break loops.
>
> It's worked well enough for me to plan an implementation for an email
> system I run (servicing about 70k users). There are no real anti-DDOS
> provisions in it that would prevent someone from sending several million
> messages with a forged SMTP envelope to flood someone's mailbox
> quasi-anonymously.
>
> I haven't ever heard of this sort of system being used. Other than the
> obvious problems (like above, and the fact that it generates a LOT of mail
> that's going nowhere). Does anyone know of a precedent? Or wants to pick
> apart the idea in terms of community effect?
>
Integrate SpamAssassin into your mailer daemon so it rejects in realtime.
That way, the server trying to dump the spam on you gets a reject message
right away, so that you don't generate a bounce yourself. Its unlikely to
generate a bounce if its a proxy, as its not a real SMTP server obviously. I
do this with EXIM - it lets the message go through until right after the DATA
stage. Rejects as soon as the data stage is done. It also archives the
message so I can review later/send to spamcop/whatever. I've been told this
technically violates one of the RFCs, but I haven't been able to find anything
to support that.
The more you can do in realtime, the less likely that you'll generate
unnecessary rejection traffic that might flood someone else.
--
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org
The AHBL - http://www.ahbl.org
More information about the NANOG
mailing list