On Wed, Sep 26, 2007 at 02:03:03PM -0700, Rob wrote:
>While watching the connection logs, I've noticed that a large majority
Interesting. Do you think they pattern match on the response, or do you
think they disconnect if the initial greeting takes too long (spamd
"stutters" for the first 10 seconds, in its default settings)? I'd guess
the latter.
>[...]
>We've also been hit by backscatter, and I haven't had the time to
For some, signed envelope senders or variations thereof work. That
depends on a few circumstances.
The basic idea is this:
My email address is hannah@schlund.de. Normal mail installations would
send mails out with both the From header *and* the envelope sender set
to hannah@schlund.de. SES and similar schemes instead create a modified
sender address like TAG+hannah+timestamp+sig@schlund.de. That is used
in the envelope. The header From address is left unmodified. "TAG" is a
tag saying "this is a address created using the envelope signing
scheme", hannah is the original local part, timestamp can be made short
by making it have only day granularity, and perhaps even only days
modulo 2^.... sig is a MAC, created from the local part, the timestamp
and a host specific key.
When a legitimate bounce (empty envelope from) is received, it must be
in response to a mail recently sent out from our domain. If all mails
sent out from our domain use the envelope signing scheme, bounces need
only be accepted if they are to *signed* addresses that are recent
enough and have a valid MAC. Bounces that don't fulfill that can be
rejected (I'd reject after DATA or later so address verification will
not lead to false positive rejects in other situations). In addition,
bounces should be only addressed to exactly *one* recipient...
Some also use SRS (sender rewriting scheme, from the SPF people),
signing their own envelope as if the mail were forwarded, and accept
bounce traffic only to SRS'ed addresses.
