Re: posfix SAV tarpitted

lst_hoe01kwsoft.de
Date: Mon Oct 03 2005 - 05:22:58 CDT


Quoting Len Conrad <LConradGo2France.com>:

>
> One of my client's IMGate/postfix boxes, which does inbound-only MX
> work, has been tarpitted by numerous IPs in these Class Cs:
>
> The Class C are:
>
> 204.9.240
> 204.9.241
> 204.9.242
> 204.9.243
> 204.9.244
> 204.9.245
> 204.9.246
> 204.9.247
>
> which are also found here:
>
> http://www.spamhaus.org/sbl/sbl.lasso?query=SBL21043
>
> afaics, when postfix smtp SAV calls those IPs, the smtp session is
> held by the other end indefinitely, some kind of heart-beat that
> keeps postfix smtp from timing out.

Why SAV is a bad idea:

- It urges the spammer to use valid sender addresses, which is really bad for
the owner of this address and maybe the server hosting this address.

- It is a very expensive test to do and can lead to DoSing yourself and maybe
unrelated others.

- It is very easy to pass for the spammers at the cost of unrelated victims
owning the address.

So the best idea would be to not use SAV at all, or *only* after some RBL
checks and maybe greylisting have been passed.

Regards

Andreas
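
The ordering recommended in the reply above, as an added Postfix `main.cf` fragment that is not part of the original message. The RBL zone (`zen.spamhaus.org`) and the greylisting policy service address (`inet:127.0.0.1:10023`) are assumptions chosen for illustration.

```cfg
# /etc/postfix/main.cf (fragment, constructed example)

# Weak ordering: sender address verification is the only content check,
# so every unknown sender from every remote client triggers a probe,
# including clients in ranges that are already on a blocklist.
#smtpd_recipient_restrictions =
#    permit_mynetworks,
#    reject_unauth_destination,
#    reject_unverified_sender

# Corrected ordering: restrictions are evaluated in the order listed and
# the first REJECT ends evaluation. A client listed in the RBL is refused
# before reject_unverified_sender is reached, so no probe is sent to a
# host the sender domain points at.
# Assumptions: zen.spamhaus.org as the RBL zone, and a greylisting policy
# daemon listening on 127.0.0.1:10023.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org,
    check_policy_service inet:127.0.0.1:10023,
    reject_unverified_sender
```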