[milters] Archive

Lists Index Date Thread Search

Article: 1922
From: Christopher P. Lindsey
Date: 2008-12-10 15:46:40 -0500
Subject: Re: Comments on this backscatterer.org?

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

----- "Bobby Rose" <brose@med.wayne.edu> wrote:

> Removal...........: milters-request@milter.info?subject=remove
> More information..: http://www.milter.info/#Support
> --------------------------------------------------------
> 
> http://www.backscatterer.org/   I've only seen this being used by
> mail.mailroute.net which is some isp that routes webmd.net mail and
> misc others.  I'm always seeing the flame discussions on the
> Spamassasin lists on callbacks so is  this practice on the way out?  I
> don't believe that I've actually seen anyone actually say that
> callbacks was the cause of a DoS.
> 
> Couldn't one also say that if you use greylisting that you are
> potentially causing a DoS for yourself.

We've been bitten by this one -- milter-sender ended up getting us
some blacklists.

They're argument is that less intelligent callback systems might
result in bounced messages to someone who never sent the message
in the first place, but I wonder why they're not using milter-null
then.

The weaker argument is that someone could end up with lots and lots
of callbacks from a forged message, bringing their site down.  Like
you say, I've never heard of anyone having that happen, though. 

Ultimately we ended up dropping milter-sender because it didn't have
a shared data pool for our multiple servers, so an email could end
up getting greylisted multiple times (once per server).  This RBL 
was just the nail in the coffin for us.

Chris

----------------------------------------------------------------------
Christopher Lindsey          Technical Program Manager
National Center for Supercomputing Applications (NCSA)


Lists Index Date Thread Search