[Esd-l] spam / From address verifier
John D. Hardin
jhardin at impsec.org
Mon Aug 5 06:44:01 PDT 2002
On Mon, 5 Aug 2002, Peter Warasin wrote:
> > Bear in mind the overhead of a response mail attempt on every inbound
> > message. You probably only want to do this if the message fails a
> > whitelist check.
>
> hm.. yes.. the mailserver is also a target for dos-attacks if the script
> is runnig. if someone is sending mails with an emailadress of an
> inexistent domain and the mailserver let it pass, or if the lookup for
> mx-hosts results an inexistent host, the script must wait for the
> dns-timeout.
> i think thats the greater problem but i have no chance to solve this. :(
Spammers regularly send long lists of sequentially or randomly
generated email addresses in the hopes of getting a "hit". Fortunately
they don't actually try to generate an email, so they wouldn't DoS you
by doing this.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...the Fates notice those who buy chainsaws...
-- www.darwinawards.com
-----------------------------------------------------------------------
135 days until The Two Towers
More information about the esd-l
mailing list