Need advice for setting up mail server
Valeri Galtsev
galtsev at kicp.uchicago.edu
Wed Aug 10 14:31:58 UTC 2016
On Wed, August 10, 2016 2:07 am, Niklaas Baudet von Gersdorff wrote:
> Valeri Galtsev [2016-08-08 09:51 -0500] :
>
>> > In /usr/local/etc/spamd/spamd.conf I use two of the example
>> > lists:
>> >
>> > all:\
>> > :uatraps:nixspam:
>> >
>> > # University of Alberta greytrap hits.
>> > # Addresses stay in it for 24 hours from time they misbehave.
>> > uatraps:\
>> > :black:\
>> > :msg="Your address %A has sent mail to a ualberta.ca spamtrap\n\
>> > within the last 24 hours":\
>> > :method=http:\
>> > :file=www.openbsd.org/spamd/traplist.gz
>> >
>> > # Nixspam recent sources list.
>> > # Mirrored from http://www.heise.de/ix/nixspam
>> > nixspam:\
>> > :black:\
>> > :msg="Your address %A is in the nixspam list\n\
>> > See http://www.heise.de/ix/nixspam/dnsbl_en/ for details":\
>> > :method=http:\
>> > :file=www.openbsd.org/spamd/nixspam.gz
> [...]
>> Quick question here. The alleged spam message was never accepted here,
>> instead an "SMTP error is generated" telling one of the reasons above,
>> right?
>> In other words, this will not be a source of "backscatter" (contrary
>> to accepting the message and then sending a non-delivery notification
>> to a sender whose address could have been forged).
>
> spamd.conf(5) says:
>
> Each blacklist must include a message, specified in the msg
> capability as a string. If the msg string is enclosed in
> double quotes, the characters in the quoted string are escaped
> as specified in getcap(3) with the exception that a colon (:)
> is allowed in the quoted string. The resulting string is used
> as the message. Alternatively, if the msg string is not
> specified in quotes, it is assumed to be a local filename from
> which the message text may be read.
>
> The message is configured in spamd(8) to be displayed in the
> SMTP dialogue to any connections that match addresses in the
> blacklist. The sequence \" in the message will produce
> a double quote in the output. The sequence %% will produce
> a single % in the output, and the sequence %A will be expanded
> in the message by spamd(8) to display the connecting IP address
> in the output.
>
> Since the message is "to be displayed in the SMTP dialogue",
> I also think that backscatter isn't possible. As you said the
> message won't be accepted.
>
> In addition spamd(8) does the following:
>
> When a sending host talks to spamd, the reply will be
> stuttered. That is, the response will be sent back a character
> at a time, slowly. For blacklisted hosts, the entire dialogue
> is stuttered. For greylisted hosts, the default is to stutter
> for the first 10 seconds of dialogue only.
>
> So chances are quite high that a blacklisted malicious host will
> give up at some point (before getting the error) anyway.
>
> Niklaas
Thanks Niklaas! Both of your posts are very instructive.
Valeri
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
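
The msg expansion rules quoted from spamd.conf(5) above, as an added example that is not part of the original thread and is not spamd's own code: it expands the uatraps message and formats it as a multiline SMTP reply sent inside the dialogue, so no bounce to a possibly forged sender is ever generated. The function names, the constructed client address 192.0.2.25 and the 450 reply code are assumptions; the thread does not state which code spamd returns.

```python
def expand_msg(template: str, client_ip: str) -> str:
    """Expand a quoted spamd.conf msg string per the rules quoted above."""
    out, i = [], 0
    while i < len(template):
        pair = template[i:i + 2]
        if pair == '\\"':            # \" produces a double quote
            out.append('"')
        elif pair == "\\n":          # getcap-style \n produces a line break
            out.append("\n")
        elif pair == "\\\n":         # backslash-newline: config line continuation
            i += 2
            while i < len(template) and template[i] in " \t":
                i += 1               # skip indentation of the continued line
            continue
        elif pair == "%%":           # %% produces a single %
            out.append("%")
        elif pair == "%A":           # %A is the connecting IP address
            out.append(client_ip)
        else:
            out.append(template[i])
            i += 1
            continue
        i += 2
    return "".join(out)


def smtp_reply(template: str, client_ip: str, code: str = "450") -> list[str]:
    """Format the expanded message as an SMTP multiline reply (RFC 5321).

    Every line but the last is "<code>-text"; the last is "<code> text".
    The reply code is an assumed parameter, not taken from the thread.
    """
    lines = expand_msg(template, client_ip).split("\n")
    last = len(lines) - 1
    return [f"{code}{' ' if n == last else '-'}{line}"
            for n, line in enumerate(lines)]


# The uatraps msg value from the quoted spamd.conf, including its "\n\" line
# continuation. The client address below is constructed (TEST-NET-1).
UATRAPS_MSG = ("Your address %A has sent mail to a ualberta.ca spamtrap\\n\\\n"
               "\twithin the last 24 hours")

if __name__ == "__main__":
    for line in smtp_reply(UATRAPS_MSG, "192.0.2.25"):
        print(line)
```
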