Message
Re: [~Disarmed~] Re: [milter-greylist]
2008-03-20 by Eduardo Casarero
Just, points of view.
On Thu, 20 Mar 2008 14:03:51 +0100, Ondrej Valousek wrote
> I think that milter-ahead is not a good solution - you put all the
> burden of dictionary attacks / other malicious activities to your
> internal mail server.
> A perfect solution is a commercial sendmail which has support for LDAP
> lookup.
> For those (like me) who use the opensource alternative I would suggest
> creating a cron-job that would feed the 'access' sendmail database with
> a list of valid recipients. In my case the cron script gathers the
> recipients from AD.
>
> This way can achieve the following advantages:
> - no sendmail or milter software is necessary to be allowed to connect
> to your internal LDAP server.
>; - in case of milter crash, you still continue filtering invalid recipients
> - you remove quite some load from milter-greylist
> - you can introduce the sendmail's bad RCPT throttling to avoid
> dictionary attacks (BAD_RCPT_THROTTLE)
> - much better solution than milter-ahead or similar
>
> Ondrej
>
> Wayne Spivak wrote:
> >
> > Examining my greylist.db I find a large number of whitelisted addresses
> > don't have
> > sender e-mail addresses, and by in large (I'd say close to 99% of the
> > emails are being sent to non-existent users - in other words they are all
> >; spam).
> >
> > How do I configure Milter-Greylist to blacklist these e-mails or blacklist
> > people sending to non-existent email addresses (which can be
> > problematic if
> > someone misspells a username?
> >
> > Thx
> >
> > Wayne
> >
> >
>
>
Eduardo Casarero
Informatica Avanzada SRL.