On 2008-10-08, Michael Boev (TRIC) <[EMAIL PROTECTED]> wrote:
> To whom it may concern
>
> I suspected of, and later verified a case, in which spamd in
> grey-trapping mode may be forced to a DOS.
>
> I use exactly this configuration, so I am concerned too. In this case I
> am a FreeBSD user with a fresh
> spamd-4.1.2 installed through ports(7).
>
> Conditions:
> 1) A malicious user on machine 'S', who wants to deny mail service to
> server 'A' on another server 'B'. This malicious user knows the
> '[EMAIL PROTECTED]' greytrapping address.
> 2) The server B is protected by spamd with greytrapping enabled.
> 3) The server A verifies addresses of all smtp-senders. In my case it's
> 'http://www.milter.info/sendmail/milter-sender/', although other
> solutions may exist. The smtp callback is made with an empty ('<>')
> return address.

Then maybe the operator of server A will consider what a retarded idea
it is to do callback-verification.

> Exclude sessions with empty (<>) MAIL FROM from greytrapping in spamd.

you are joking, right?