On Saturday, December 27, 2003 5:14 PM [GMT-5=EST], Doug Luce <doug@nanog.con.com> wrote:
This reminds me:
I'm scared to death of false positives. So much so that every email that triggers a positive from SpamAssassin (i.e. several thousand spams a day) gets a response. It tries to be as polite as possible, both by being good-natured in tone and by both a "Precedence: bulk" header and an application-specific X-header to break loops.
It's worked well enough for me to plan an implementation for an email system I run (servicing about 70k users). There are no real anti-DDOS provisions in it that would prevent someone from sending several million messages with a forged SMTP envelope to flood someone's mailbox quasi-anonymously.
I haven't ever heard of this sort of system being used. Other than the obvious problems (like above, and the fact that it generates a LOT of mail that's going nowhere), does anyone know of a precedent? Or wants to pick apart the idea in terms of community effect?
Integrate SpamAssassin into your mailer daemon so it rejects in realtime. That way, the server trying to dump the spam on you gets a reject message right away, so that you don't generate a bounce yourself. It's unlikely to generate a bounce if it's a proxy, as it's not a real SMTP server obviously.
I do this with EXIM - it lets the message go through until right after the DATA stage. Rejects as soon as the data stage is done. It also archives the message so I can review later/send to spamcop/whatever. I've been told this technically violates one of the RFCs, but I haven't been able to find anything to support that.
The more you can do in realtime, the less likely that you'll generate unnecessary rejection traffic that might flood someone else.
--
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org
The AHBL - http://www.ahbl.org
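
The difference between the two approaches discussed in this thread, as an added example that is not part of either post: a minimal server-side SMTP dialogue in Python that returns the server's replies plus the addresses the server would afterwards send mail to on its own. `is_spam` is a constructed stand-in for a SpamAssassin verdict, and the host names and addresses are made up.

```python
def is_spam(body):
    # Constructed stand-in for a SpamAssassin verdict (assumption, not its API).
    return "cheap pills" in body.lower()

def smtp_session(client_lines, reject_at_data):
    """Return (server replies, addresses this server will mail afterwards)."""
    replies, outbound = ["220 mx.example.test ESMTP"], []
    sender, body, in_data = None, [], False
    for line in client_lines:
        verb = line.upper()
        if in_data:
            if line != ".":
                body.append(line)
                continue
            in_data, spam = False, is_spam("\n".join(body))
            body = []
            if spam and reject_at_data:
                # Verdict given before the session ends: the connecting host
                # still holds the message, so nothing is queued or sent here.
                replies.append("550 5.7.1 Message rejected as spam")
                continue
            replies.append("250 2.0.0 OK queued")
            if spam:
                # Accepted first, answered later: the reply goes to the
                # envelope sender, which the client chose and may have forged.
                outbound.append(sender)
        elif verb.startswith("MAIL FROM:"):
            sender = line[10:].strip(" <>")
            replies.append("250 2.1.0 Sender OK")
        elif verb.startswith("RCPT TO:"):
            replies.append("250 2.1.5 Recipient OK")
        elif verb == "DATA":
            in_data = True
            replies.append("354 End data with <CR><LF>.<CR><LF>")
        elif verb == "QUIT":
            replies.append("221 2.0.0 Bye")
        else:
            replies.append("250 mx.example.test")  # HELO/EHLO and anything else
    return replies, outbound

# Constructed session: the envelope sender is forged to point at a third party.
SESSION = ["HELO relay.example.net", "MAIL FROM:<victim@example.org>",
           "RCPT TO:<user@example.test>", "DATA", "Subject: hi", "",
           "Cheap pills here", ".", "QUIT"]

if __name__ == "__main__":
    for policy in (True, False):
        replies, outbound = smtp_session(SESSION, reject_at_data=policy)
        print(policy, replies[5], "| mail we generate ->", outbound)
```

With `reject_at_data=True` the only failure notice is the 550 handed to the connecting host; with `False` the server itself addresses a message to the forged sender.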