From: Liviu Daia (no email)
Date: Sun Jun 02 2002 - 04:01:00 EDT
On 2 June 2002, Craig Sanders <> wrote:
> On Fri, May 31, 2002 at 02:53:22PM -0400, Wietse Venema wrote:
> > It's an idea. I haven't finished the design. All (client+sender)
> > tuples would be 4xx blacklisted by default, without using up any
> > storage. New verification requests would be queued, sorted and
> > uniqed so that the mechanism can't be DOSed too easily.
>
> this sounds like a really useful anti-spam feature, and i'd like to
> see the idea implemented in postfix one day.
>
> one thing occurs to me immediately, though - it would cause long
> delays on the receipt of messages from all VERP-enabled mailing lists,
> because every VERPed message has a unique sender address.
>
> perhaps there would need to be some programmable or configurable way
> of defining VERP patterns...so that we could tell postfix e.g. that
> yahoo groups VERPed addresses look like X and some other list looks
> like Y and so on.
[...]
> in fact, it would possibly be simpler to just interpret all addresses
> that matched the following pattern as being one sender:
>
> /sentto-.*@returns.groups.yahoo.com/
Pflogsumm has an option to rewrite VERP addresses like this:
$addr =~ s/-(return|\d+)-\d+-/-$1-ID-/o;
or like this:
$addr =~ s/-(\d+-)?[^=-]+=[^\@]+\@/\@/o;
> that would leave a loophole open for spammers to exploit, though.
Using a valid address from Yahoo would be a more straightforward
exploit path.
Regards,
Liviu Daia
-- Dr. Liviu Daia e-mail: Institute of Mathematics web page: http://www.imar.ro/~daia of the Romanian Academy PGP key: http://www.imar.ro/~daia/daia.asc - To unsubscribe, send mail to with content (not subject): unsubscribe postfix-users
|
|
|