SMTP Error from my server?

Ted Mittelstaedt tedm at toybox.placo.com
Tue Sep 18 00:56:45 PDT 2007 


> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Jay Chandler
> Sent: Monday, September 17, 2007 5:49 PM
> To: freebsd-questions at freebsd.org
> Subject: Re: SMTP Error from my server?
>
> >
> > This idea works fine for normal email addresses, but fails miserably
> > with certain types of automated email which is not intended for people
> > to reply to, and it also tends to lose out with TDMA
> > (http://tmda.net/).  More importantly, it also fails to work with
> > itself-- other people using "sender verification callouts" cause a
> > loop of failed deliveries, as neither side trusts the other.
> >
> The larger problem as well is that it doesn't scale.  Someone forging a
>  From header out of a botnet could easily DDoS a smaller server
> completely off the net if enough people implemented this system.
>

verizon.net implements this system and they are pretty big.  They put
in checks to the setup to prevent these scenarios from happening.

I don't like these systems myself as a gatekeeper but it isn't true
that these systems
cannot scale.  They can scale fine - at the cost of greatly increased
complexity of the logic in the system.

I will point out that Network Address Translation - a technology
that people take for granted and scale up all the time - has a far worse
increase in complexity (espically in implementations that handle
translation of all the normally not translatable protocols)

I would actually love to see someone implement sender-callback-verification
as a module in Spamassassin, where callback checks could be assigned a
point value.  In other words, failing sender-callback wouldn't automatically
get a message blocked - but failing would increase the point value of the
message
to make it more likely to be considered spam.

> Antispam measures that are in and of themselves abusive aren't generally
> considered to be good ideas.

It all depends on the implementation.  A good implementation of sender
callback is no worse than a good implementation of greylisting, and a
bad implementation of sender callback is as bad as a bad implementation
of greylisting.

Ted

More information about the freebsd-questions mailing list