[Mailman-Users] Has anyone actually implemented Postfix address verification for their sites?
brad at stop.mail-abuse.org
Sun May 7 22:36:08 CEST 2006
At 12:28 PM -0700 2006-05-07, John W. Baxter wrote:
> Of the Exim admins who use the feature and to whom I listen the most, the
> feeling seems to be that this test (a) needs to be done selectively, as some
> servers respond oddly or uselessly (eg Yahoo), and (b) should be done after
> other protections have not stopped a sender. We don't presently use the
> Exim feature.
I am currently testing this feature with "warn_if_reject", so
it's not actually rejecting any connections or messages that fail
verification, but it is doing all the other parts of the process.
And I do have it pushed all the way to the bottom of the stack of
things that are checked before a message is accepted -- after
white/black listing (both DNS-based lists and locally maintained),
after greylisting, after checking reverse DNS or confirming that the
HELO/EHLO command is given in a legal format, etc....
> Another useful defense can be to delay sending out the initial banner for a
> few seconds and/or delay sending the response to EHLO or HELO for a few
> seconds. Many of the spam engines just press on with the EHLO/HELO in the
> first case or the MAIL FROM: in the second case, and the receiving server
> can then reject the protocol violation (I don't know whether Postfix can do
Postfix does have a method of detecting and rejecting
unauthorized pipelining, and that feature is also turned on.
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
LOPSA member since December 2005. See <http://www.lopsa.org/>.
More information about the Mailman-Users