Need advice for setting up mail server

Niklaas Baudet von Gersdorff stdin at niklaas.eu
Wed Aug 10 07:07:06 UTC 2016


Valeri Galtsev [2016-08-08 09:51 -0500] :

> > In /usr/local/etc/spamd/spamd.conf I use two of the example
> > lists:
> >
> >   all:\
> >     :uatraps:nixspam:
> >
> >   # University of Alberta greytrap hits.
> >   # Addresses stay in it for 24 hours from time they misbehave.
> >   uatraps:\
> >     :black:\
> >     :msg="Your address %A has sent mail to a ualberta.ca spamtrap\n\
> >     within the last 24 hours":\
> >     :method=http:\
> >     :file=www.openbsd.org/spamd/traplist.gz
> >
> >   # Nixspam recent sources list.
> >   # Mirrored from http://www.heise.de/ix/nixspam
> >   nixspam:\
> >     :black:\
> >     :msg="Your address %A is in the nixspam list\n\
> >     See http://www.heise.de/ix/nixspam/dnsbl_en/ for details":\
> >     :method=http:\
> >     :file=www.openbsd.org/spamd/nixspam.gz
[...]
> quick question here. The alleged spam message was never accepted here,
> instead "SMTP error is generated" telling one of the reasons above, right?
> In other words, this will not be a source of "backscatter" (to the
> contrary to accepting message then sending non-delivery notification to
> sender whose address could have been forged).

spamd.conf(5) says:

  Each blacklist must include a message, specified in the msg
  capability as a string.  If the msg string is enclosed in
  double quotes, the characters in the quoted string are escaped
  as specified in getcap(3) with the exception that a colon (:)
  is allowed in the quoted string.  The resulting string is used
  as the mes- sage.  Alternatively, if the msg string is not
  specified in quotes, it is assumed to be a local filename from
  which the message text may be read.

  The message is configured in spamd(8) to be displayed in the
  SMTP dialogue to any connections that match addresses in the
  blacklist.  The sequence \" in the message will produce
  a double quote in the output.  The sequence %% will produce
  a single % in the output, and the sequence %A will be expanded
  in the message by spamd(8) to display the connecting IP address
  in the output.

Since the message is "to be displayed in the SMTP dialogue",
I also think that backscatter isn't possible. As you said the
message won't be accepted.

In addition spamd(8) does the following:

  When a sending host talks to spamd, the reply will be
  stuttered.  That is, the response will be sent back a character
  at a time, slowly.  For blacklisted hosts, the entire dialogue
  is stuttered.  For greylisted hosts, the default is to stutter
  for the first 10 seconds of dialogue only.

So chances are quite high that a blacklisted malicious host will
give up at some point (before getting the error) anyway.

    Niklaas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20160810/1d82ee55/attachment.sig>


More information about the freebsd-questions mailing list