You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Charles Gregory <cg...@hwcn.org> on 2009/12/01 16:59:12 UTC
Re: [sa] Re: Filter question
On Tue, 1 Dec 2009, Wolfgang Zeikat wrote:
> Benny Pedersen wrote:
>> postfix reject_unverified_sender does a vrfy
> Nope. It opens an SMTP connection and waits what the receiving MTA
> answers to "RCPT TO"
> Then it closes the connection.
As a side note, among the other many evils of 'callback verification' I've
discovered that if you attempt callback on all the spam with forged yahoo
addresses, you will earn a 'reputation' with yahoo's servers that your
mail should be greylisted because it attempts to 'send mail' to too many
non-existent addresses. One more reason to NOT verify addresses this way.
- Charles
Re: [sa] Re: Filter question
Posted by Michael Scheidell <sc...@secnap.net>.
Charles Gregory wrote:
> On Tue, 1 Dec 2009, Wolfgang Zeikat wrote:
>> Benny Pedersen wrote:
>>> postfix reject_unverified_sender does a vrfy
>> Nope. It opens an SMTP connection and waits what the receiving MTA
>> answers to "RCPT TO"
>> Then it closes the connection.
>
> As a side note, among the other many evils of 'callback verification'
> I've discovered that if you attempt callback on all the spam with
> forged yahoo addresses, you will earn a 'reputation' with yahoo's
> servers that your mail should be greylisted because it attempts to
> 'send mail' to too many non-existent addresses. One more reason to NOT
> verify addresses this way.
>
I second that. ips.backscatter.org's blacklists have been discussed
here before, and you WILL get on their blacklist for doing this.
they explain why this is bad, and that you would be part of a DDOS
against an innocent third party.
(and, gee.. I have seen it). we had a hosted client who got a HUGE bill
from their DNS provider for 'excessive queries' from a backscatter attack.
they usually got 50,000 spams a month, well, this month, they got 7MM
spams (6.5MM of them were backscatter, bounces of emails they never
sent, sender callouts and CR emails).
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best Anti-Spam Product 2008, Network Products Guide
* King of Spam Filters, SC Magazine 2008
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.spammertrap.com
_________________________________________________________________________
Re: [sa] Re: Filter question
Posted by Benny Pedersen <me...@junc.org>.
On tir 01 dec 2009 16:59:12 CET, Charles Gregory wrote
> servers that your mail should be greylisted because it attempts to
> 'send mail' to too many non-existent addresses. One more reason to
> NOT verify addresses this way.
well KISS to yahoo for not setting spf for there domains so we dont
need to call back for verifing senders
dkim is no option since mta needs full body header to test it
if yahoo dont get it, its simplier to just block yahoo senders
http://rfc-ignorant.org/tools/lookup.php?domain=yahoo.com
or just check if domain is on yahoo nameservers, but this will also
hit on yahoogroups with is okay, but all freemailers there soooks :))
--
xpoint http://www.unicom.com/pw/reply-to-harmful.html