> -----Original Message-----
> From: Matus UHLAR - fantomas [mailto:[EMAIL PROTECTED]
>
> ...omitted...
>
> I am really curious how they behave when there's a forged sender and both
> MTAs use this. Either they will cycle forever (so they will never know if
> either address is OK), or they will stop checking (so the spam will pass
> because the spammer forged a domain with SAV implemented) or the mail (even
> legitimate!) just will not pass...
>
> Once I'll try this on two or more such systems (in parallel!) and see if
> they will DoS each other...

No, Matus: they don't cycle. An MTA willing to check the existence of a sender address would do this before its reply after end of DATA (i.e.: after having received the message). Instead, an MTA would inform its peer of a non-existent mailbox after RCPT-TO (with a 5XX error code), which is well before DATA. The checking system need not proceed to DATA in order to check the existence of a mailbox, so there is no cycle...

> > Also, SAV's drawbacks may probably be mitigated by caching the results.
>
> I don't think so. The problem with first connection will still defeat the
> whole system... at SA level it may be much worse because your computer will
> spend much more CPU cycles when checking it.

... and no DoS. Caching would help, instead, when a large number of messages with the very same sender are received. This is a quite common pattern in spam.

Giampaolo

> --
> Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Warning: I do NOT want to receive any advertising mail at this address.
> Windows 2000: 640 MB ought to be enough for anybody
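
The following Python model is an added example, not code from the thread or from any MTA. It follows the behaviour described in the reply above: a mailbox's existence is answered at RCPT TO, the sender check runs only before the reply after end of DATA, and the probe stops after RCPT TO. The `MTA` class, the `.example` domains and the traffic are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class MTA:
    """Toy MTA (hypothetical): RCPT TO is answered at once, sender
    verification runs only before the reply after end of DATA."""
    domain: str
    mailboxes: set
    peers: dict = field(default_factory=dict)   # domain -> MTA, stands in for MX lookup
    cache: dict = field(default_factory=dict)   # sender address -> verification result
    use_cache: bool = True
    probes_sent: int = 0

    def rcpt_to(self, address):
        """Reply to RCPT TO: 250 if the mailbox exists here, 550 otherwise."""
        local, _, domain = address.partition("@")
        return 250 if domain == self.domain and local in self.mailboxes else 550

    def verify_sender(self, sender):
        """Callout: open a session to the sender's MTA and stop after RCPT TO."""
        if self.use_cache and sender in self.cache:
            return self.cache[sender]
        self.probes_sent += 1
        peer = self.peers.get(sender.partition("@")[2])
        # The probe ends here: no DATA is sent, so the peer's end-of-DATA
        # check never runs and cannot start a callout back to this MTA.
        ok = peer is not None and peer.rcpt_to(sender) == 250
        self.cache[sender] = ok
        return ok

    def receive(self, sender, recipient):
        """Full delivery attempt; returns the final SMTP reply code."""
        if self.rcpt_to(recipient) != 250:
            return 550                      # rejected well before DATA
        # ... message body is transferred here (DATA) ...
        return 250 if self.verify_sender(sender) else 550


def demo():
    a = MTA("a.example", {"alice"})
    b = MTA("b.example", {"bob"})
    a.peers, b.peers = {"b.example": b}, {"a.example": a}   # both sides run SAV
    # Constructed traffic: one legitimate message, then 100 with one forged sender.
    legit = b.receive("alice@a.example", "bob@b.example")
    forged = {b.receive("ghost@a.example", "bob@b.example") for _ in range(100)}
    return legit, forged, b.probes_sent, a.probes_sent
```

`demo()` shows 101 messages costing the receiving side two probes with the cache on, while the probed side never issues a callout of its own.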