Kelson wrote:
Marc Perkel wrote:
Generally a dictionary attack uses random to addresses, not from
addresses. Sender verification works on the from address.
And when your sender verification setup tries to verify a forged From:
address against my server, it uses it as the To: address. Add a bunch
of them together, and from my end, it looks exactly the same as a
dictionary attack.
And if I didn't use sender verification it could result in a bounce
message to the address that I would have verified and the bounce
message is a far worse problem than sender verification.
Well, it being the twenty-first century, we have this nifty tool
called SMTP Reject. You may have heard of it.
And even if you do insist on sending a bounce notice, if the address
is invalid the bounce is going to get rejected with User unknown
before DATA. And if the address is valid, you'll send me the bounce
notice anyway, *after* verifying it.
You don't seem to be familiar with Exim's features. I use sender
verification to do smtp reject. When they fail to verify I reject them at
SMTP time. And I don't use the recipient address in the verification
process. This avoids the sending of bounce notices.