From: mouss on
Victoriano Giralt wrote:
> On 22/6/10 12:54, Charles Marcus wrote:
>> On 2010-06-22 2:18 AM, Victoriano Giralt wrote:
>>> If you manage to cut them before they hit any real address you avoid
>>> crud entering your users' mailboxes.
>> It's called recipient validation, and if you aren't doing it, you're
>> doing it wrong.
> We DO recipient validation. I'm talking about cutting off the client
> before they hit a good one. The point I was making is that if you use
> something like fail2ban that detects an IP address that is doing a
> dictionary attack, and blocks the connection, you reduce the probability
> of finding a recipient that will get validated.
>

I don't believe in that. a "motivated" spammer can get around fail2ban
and the like. such a spammer has enough IPs, networks, ... not only can
they try different addresses from different IPs, but they can even do
advanced analysis, which we can't.

here is what I've seen:

- spam from random places to random addresses.
- "snowshoe" spam to _valid_ addresses.

>> So add a spam filter. Just because an address isn't published anywhere
>> doesn't mean it won't be targeted.
> I know that, been doing email since '85. We are not allowed to filter
> mail (except viruses) by policy. So we need other anti-spam measures,
> once we accept mail we MUST deliver it (except for viruses).

we agree on the result: while I am "allowed" to filter mail, I prefer to
block it as soon as possible (and I'm not a member of the "plan for
spam" religion :)
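
The per-client detection discussed in this thread, and the traffic that stays under it, as an added example that is not part of the original messages: a fail2ban-like threshold over unknown-recipient rejections. The Postfix-style log format, the constructed sample lines, and the `maxretry`/`findtime` values are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Postfix-style reject line for an unknown recipient (log format is an assumption).
REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*reject: RCPT from \S*\[(?P<ip>[\d.]+)\]: "
    r"550 5\.1\.1 <(?P<rcpt>[^>]+)>: Recipient address rejected"
)

def find_offenders(lines, maxretry=3, findtime=600, year=2010):
    """Return {ip: time_of_ban} for clients with >= maxretry unknown-recipient
    rejections inside any findtime-second window (fail2ban-like logic)."""
    recent = defaultdict(deque)   # ip -> timestamps of rejections still in the window
    banned = {}
    for entry in lines:
        m = REJECT.search(entry)
        if not m or m["ip"] in banned:
            continue              # not a rejection, or client already blocked
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while (ts - q[0]).total_seconds() > findtime:
            q.popleft()           # drop rejections older than the window
        if len(q) >= maxretry:
            banned[m["ip"]] = ts
    return banned

def missed(lines, banned):
    """Count unknown-recipient rejections from clients that were never banned."""
    return sum(1 for e in lines if (m := REJECT.search(e)) and m["ip"] not in banned)

def line(ts, ip, rcpt):
    # Builds one constructed sample log line (documentation IP ranges, example.org).
    return (f"Jun 22 {ts} mx postfix/smtpd[911]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 550 5.1.1 <{rcpt}@example.org>: "
            "Recipient address rejected: User unknown in local recipient table")

SAMPLE = (
    # one client, four guesses in four seconds
    [line(f"12:00:0{i}", "192.0.2.10", n) for i, n in enumerate(["aaron", "abby", "adam", "alan"], 1)]
    # three clients, one guess each
    + [line("12:05:00", f"198.51.100.{i}", "bob") for i in (1, 2, 3)]
    # one client, three guesses spaced 20 minutes apart
    + [line(f"12:{mm}:00", "203.0.113.5", "carl") for mm in ("10", "30", "50")]
)

if __name__ == "__main__":
    offenders = find_offenders(SAMPLE)
    print("banned:", offenders, "rejections from unbanned clients:", missed(SAMPLE, offenders))
```

Only the burst from a single address crosses the threshold; the rejections spread over several addresses or over time are counted by `missed`, which is the number to watch when judging how much a per-IP ban actually covers.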