João Miguel Neves wrote:
Charles Marcus wrote:
Here's a link informing why indiscriminate use of SAV is bad, and what
it should be used for:
http://www.backscatterer.org/?target=sendercallouts
OK, I've finished reading and analyzing that text. My conclusion is
that there's no reason not to use reject_unverified_sender.
In this answer I'm assuming 1) the postfix implementation of SAV and
that any implementation and 2) that MTAs implement the RFCs (so they
have a configuration that matches, for instance, the Book of Postfix).
There are 3 claims in that text:
1) That by disabling VRFY, a sysadmin has decided to disable all kind
of email address verification.
Most people disabled VRFY to prevent spammer tests for email
addresses, nothing else. If you want to disable all tests for email
addresses you accept all email for all email addresses, even
non-existing ones and later discard the invalid ones. That's the only
way to do it (and the reason why some of my clients are using
catch-all addresses that they redirect to /dev/null).
Well, if you discard any message which can be "real" message (not
containing viruses etc.) just with typos, you just have no users to
complain they didn't get important emails. That's it. In that case
(private SMTP with few addresses and small traffic) you probably won't
get blacklisted. The other scenario (many users, big traffic) ends up
with your server blacklisted.
Anyways - those clients which you mention, are in first scenario (few
emails), or they don't use business cards and commercials in
non-electronic forms, or there was no one to tell them what they are
missing.
2) That a spammer can create a DDOS using SAV.
You'll get a connection per server to which those were sent (postfix
caches the request, so it will only validate an email address once).
SAV actually helps reduce the effect of the DDOS attack. In the
non-SAV scenario, you get 30 million bounce messages. In the SAV
scenario, each server does one check per email address (that costs you
less bandwidth and disk space than a Bounce message) and that single
check will avoid several bounce messages.
That's not true. In some cases if you are checking envelope sender, you
can see <>. How do you think you can deal with it? While you can get few
thousands emails with forged return-path emails (existing or not - not a
problem). Now imagine that your server is not the only one which
received this amount of mails with same sender. Then you are performing
DDoS. Anyways - you should not bounce messages for non-existent users.
You should rather reject them (and that's efficient).
And what's the point of having catch-all address when you discard those
emails? Keep in mind that you are still open to dictionary attacks. And
in most cases spammers don't care if your email is correct or not. Still
your emails are cool to be used for backscatter.
3) That SAV might create a loop.
The SAV check in postfix is done with the postmaster address by
default. If the target server does the same check back, then the SAV
server replies that postmaster is valid (assuming it's well-configured
and RFC-compliant).
Have I missed anything?
Well, to be honest, I believe you did. If you will do many checks to the
same server (keep in mind large ISPs with many domains) with different
emails, then probably your server will get blacklisted to send email
from postmaster@ (at least). If you want explanation why, here it is:
SMTP session to do SAV check is neither an email from individual to
individual, nor message from receiver's system to sender. Of course it's
also not wanted by sender, so in any case - it's spam and your server
should be treated like any other spamming server. You hopefully
understand my point of view. You don't have to agree - it doesn't matter.
Maybe this thread is a good reason to create BL containing servers doing
large amounts of SAV checks? I'd be very happy if I could use such BL to
reject emails from postmaster at those domains (and probably <> also).
Pawel Lesniak
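
A small traffic model of the disagreement in this thread, added here as an illustration and not code from either poster or from Postfix: it counts the connections that reach the forged sender's domain when receiving servers bounce after accepting, reject during the SMTP session, or run SAV with a per-server cache. The function name, its parameters and the sample figures are assumptions constructed for the example.

```python
import random

def simulate(num_servers, msgs_per_server, forged_pool, invalid_rcpt_ratio, seed=0):
    """Count connections hitting the forged domain's MX under three policies.

    Constructed model: every spam message carries an envelope sender drawn
    from forged_pool (addresses in the victim's domain); a share of the
    recipients (invalid_rcpt_ratio) does not exist on the receiving server.
    """
    rng = random.Random(seed)
    totals = {"accept_then_bounce": 0, "reject_at_rcpt": 0, "sav_cached": 0}
    for _ in range(num_servers):
        verify_cache = set()  # per-server cache of senders already probed
        for _ in range(msgs_per_server):
            sender = rng.choice(forged_pool)
            rcpt_is_invalid = rng.random() < invalid_rcpt_ratio
            # Policy 1: accept everything, bounce later for unknown
            # recipients. Each bounce is delivered to the forged sender.
            if rcpt_is_invalid:
                totals["accept_then_bounce"] += 1
            # Policy 2: reject unknown recipients inside the SMTP session.
            # The receiving server opens no connection to the forged
            # domain, so this counter stays at zero.
            # Policy 3: probe each sender address once, then reuse the
            # cached result for later messages with the same sender.
            if sender not in verify_cache:
                verify_cache.add(sender)
                totals["sav_cached"] += 1
    return totals

if __name__ == "__main__":
    # Constructed figures: 200 receiving servers, 500 messages each.
    one_sender = ["victim@example.org"]
    many_senders = [f"user{i}@example.org" for i in range(400)]
    for label, pool in (("one forged sender", one_sender),
                        ("400 forged senders", many_senders)):
        print(label, simulate(200, 500, pool, invalid_rcpt_ratio=0.3))
```

With a single forged address the cache keeps probes at one per receiving server, while a pool of varying forged addresses pushes the probe count towards servers times addresses; rejecting at RCPT time sends nothing to the forged domain in either case.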