Re: posfix SAV tarpitted

• Previous message: Mariano Cunietti: "reject_non_fqdn_hostname and RFC"
• Maybe in reply to: Len Conrad: "posfix SAV tarpitted"
• Next in thread: Len Conrad: "Re: posfix SAV tarpitted"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Zitat von Len Conrad <>:

>
> One of my clients IMGate/postfix boxes, which does inbound-only MX
> work, has been tarpitted by numerous IPs in these Class Cs:
>
> The Class C are:
>
> 204.9.240
> 204.9.241
> 204.9.242
> 204.9.243
> 204.9.244
> 204.9.245
> 204.9.246
> 204.9.247
>
> which are also found here:
>
> http://www.spamhaus.org/sbl/sbl.lasso?query=SBL21043
>
> afaics, when postfix smtp SAV calls those IPs, the smtp session is
> held by the other end indefinitely, some kind of heart-beat that
> keeps postfix smtp from timing out.

Why SAV is a bad idea :

- It urges the spammer to use valid sender addresses which is really
bad for the
owner of this address and maybe the server hosting this address.

- It is a very expansive test to do and can lead to DoS yourself and maybe
unrelated others.

- It is very easy to pass for the spammers at the cost of unrelated victims
owning the address.

So the best idea would be to not use SAV at all or *only* after some
RBL checks
and maybe greylisting have been passed.

Regards

Andreas

• Previous message: Mariano Cunietti: "reject_non_fqdn_hostname and RFC"
• Maybe in reply to: Len Conrad: "posfix SAV tarpitted"
• Next in thread: Len Conrad: "Re: posfix SAV tarpitted"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]