From: João Miguel Neves (joao.nevesintraneia.com)
Date: Tue Feb 10 2009 - 15:20:49 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Paweł Leśniak escreveu:
> João Miguel Neves pisze:
>> Charles Marcus escreveu:
>>> Here's a link informing why indiscriminate use of SAV is bad, and what
>>> it should be used for:
>>>
>>> http://www.backscatterer.org/?target=sendercallouts
>> OK, I've finished reading and analyzing that text. My conclusion is
>> that there's no reason not to use reject_unverified sender.
>>
>> In this answer I'm assuming 1) the postfix implementation of SAV and
>> that any implementation and 2) that MTAs implement the RFCs (so they
>> have a configuration that matches, for instance, the Book of Postfix).
>>
>> There are 3 claims in that text:
>>
>> 1) That by disabling VRFY, a sysadmin has decided to disable all kind
>> of email address verification.
>>
>> Most people disabled VRFY to prevent spammer tests for email
>> addresses, nothing else. If you want to disable all tests for email
>> addresses you accept all email for all email addresses, even
>> non-existing ones and later discard the invalid ones. That's the only
>> way to do it (and the reason why some of my clients are using
>> catch-all addresses that they redirect to /dev/null).
> Well, if you discard any message which can be "real" message (not
> containing viruses etc.) just with typos, you just have no users to
> complain they didn't get important emails. That's it. In that case
> (private SMTP with few addressess and small traffic) you won't
> probably get blacklisted. The other scenario (many users, big traffic)
> ends up with your server blacklisted.
> Anyways - those clients which you mention, are in first scenario (few
> emails), or they don't use business cards and commercials in
> non-electronic forms, or there was no one to tell them what they are
> missing.
Yes, the couple of clients that do that are aware of the cost.

>> 2) That a spammer can create a DDOS using SAV.
>>
>> You'll get a connection per server to which those were sent (postfix
>> caches the request, so it will only validate an email adress once).
>>
>> SAV actually helps reduce the effect of the DDOS attack. In the
>> non-SAV scenario, you get 30 million bounce messages. In the SAV
>> cenario, each server does one check per email adress (that costs you
>> less bandwidth and disk space than a Bounce message) and that single
>> check will avoid several bounce messages.
>>
> That's not true. In some cases if you are checking envelope sender,
> you can see <>. How do you think you can deal with it? While you can
> get few thousands emails with forged return-path emails (existing or
> not - not a problem). Now imagine that your server is not the only one
> which received this amount of mails with same sender. Then you are
> performing DDoS. Anyways - you should not bounce messages for
> non-existent users. You should rather reject them (and that's efficient).
<> won't generate a sender check. So what would be the problem generated
by SAV here?
> And what's the point of having catch-all address when you discard
> those emails? Have on mind that you are still open to dictionary
> attacks. And in most cases spammers don't care if your email is
> correct or not. Still your emails are cool to be used for backscatter.
The catch-all doesn't apply here. Was just an example on how to avoid
dictionary attacks for probing addresses.
>> 3) That SAV might create a loop.
>>
>> The SAV check in postfix is done with the postmaster address by
>> default. If the target server does the same check back, then the SAV
>> server replies that postmaster is valid (assuming it's
>> well-configured and RFC-compliant).
>>
>> Have I missed anything?
> Well, to be honest, I believe you did. If you will do many checks to
> the same server (have on mind large ISPs with many domains) with
> different emails, then probably your server will get blacklisted to
> send email from postmaster (at least). If you want explanation why,
> here it is: SMTP session to do SAV check is naither an email from
> individual to individual, nor message from receiver's system to
> sender. Of course it's also not wanted by sender, so in any case -
> it's spam and your server should be treated like any other spamming
> server. You hopefully understand my point of view. You don't have to
> agree - it doesn't matter.
Yes, I understand the point of view. I'm just trying to understand if it
is really worst or better in terms of resource consumption.
> Maybe this thread is a good reason to create BL containing servers
> doing large amounts of SAV checks? I'd be very happy if I could use
> such BL to reject emails from postmaster at those domains (and
> probably <> also).
It wouldn't be useful for you, as Noel Jones pointed out, postfix isn't
using postmaster for SAV since 2.5.

Best regards,
João Miguel Neves

--
Intraneia
http://www.intraneia.com/

Suporte a Software Livre
Tradução/Localização de software e sítios web
Desenvolvimento de software

Ao seu serviço...

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]