Date: Wed, 10 Aug 2016 09:31:50 -0500 (CDT)
From: "Valeri Galtsev" <galtsev@kicp.uchicago.edu>
To: freebsd-questions@freebsd.org
Subject: Re: Need advice for setting up mail server
Message-ID: <15992.128.135.52.6.1470839510.squirrel@cosmo.uchicago.edu>
In-Reply-To: <20160810070701.GB36980@box-hlm-03.niklaas.eu>
References: <VI1PR02MB0974A0FB1361638BDD437043F61A0@VI1PR02MB0974.eurprd02.prod.outlook.com> <2394887a809b4ad8e702d1d13bb1337c@mail.zplay.eu> <20160807180149.GC12411@len-t420.klaas> <44D296EC-FA25-4279-9501-8BB6B2DD86A6@mail.sermon-archive.info> <20160808063138.GA20037@box-hlm-03.niklaas.eu> <33245.128.135.52.6.1470667918.squirrel@cosmo.uchicago.edu> <20160810070701.GB36980@box-hlm-03.niklaas.eu>

On Wed, August 10, 2016 2:07 am, Niklaas Baudet von Gersdorff wrote:
> Valeri Galtsev [2016-08-08 09:51 -0500] :
>
>> > In /usr/local/etc/spamd/spamd.conf I use two of the example
>> > lists:
>> >
>> >     all:\
>> >         :uatraps:nixspam:
>> >
>> >     # University of Alberta greytrap hits.
>> >     # Addresses stay in it for 24 hours from time they misbehave.
>> >     uatraps:\
>> >         :black:\
>> >         :msg="Your address %A has sent mail to a ualberta.ca spamtrap\n\
>> >         within the last 24 hours":\
>> >         :method=http:\
>> >         :file=www.openbsd.org/spamd/traplist.gz
>> >
>> >     # Nixspam recent sources list.
>> >     # Mirrored from http://www.heise.de/ix/nixspam
>> >     nixspam:\
>> >         :black:\
>> >         :msg="Your address %A is in the nixspam list\n\
>> >         See http://www.heise.de/ix/nixspam/dnsbl_en/ for details":\
>> >         :method=http:\
>> >         :file=www.openbsd.org/spamd/nixspam.gz
> [...]
>> quick question here. The alleged spam message was never accepted here,
>> instead "SMTP error is generated" telling one of the reasons above,
>> right?
>> In other words, this will not be a source of "backscatter" (to the
>> contrary to accepting message then sending non-delivery notification to
>> sender whose address could have been forged).
>
> spamd.conf(5) says:
>
>     Each blacklist must include a message, specified in the msg
>     capability as a string. If the msg string is enclosed in
>     double quotes, the characters in the quoted string are escaped
>     as specified in getcap(3) with the exception that a colon (:)
>     is allowed in the quoted string. The resulting string is used
>     as the message. Alternatively, if the msg string is not
>     specified in quotes, it is assumed to be a local filename from
>     which the message text may be read.
>
>     The message is configured in spamd(8) to be displayed in the
>     SMTP dialogue to any connections that match addresses in the
>     blacklist. The sequence \" in the message will produce
>     a double quote in the output. The sequence %% will produce
>     a single % in the output, and the sequence %A will be expanded
>     in the message by spamd(8) to display the connecting IP address
>     in the output.
>
> Since the message is "to be displayed in the SMTP dialogue",
> I also think that backscatter isn't possible. As you said the
> message won't be accepted.
>
> In addition spamd(8) does the following:
>
>     When a sending host talks to spamd, the reply will be
>     stuttered. That is, the response will be sent back a character
>     at a time, slowly. For blacklisted hosts, the entire dialogue
>     is stuttered. For greylisted hosts, the default is to stutter
>     for the first 10 seconds of dialogue only.
>
> So chances are quite high that a blacklisted malicious host will
> give up at some point (before getting the error) anyway.
>
> Niklaas

Thanks Niklaas! Both of your posts are very instructive.

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
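
Added example, not part of the original message and not spamd's own code: a Python sketch of the msg handling that the quoted spamd.conf(5) text describes, turning the uatraps entry into the reply a blacklisted client would see inside the SMTP dialogue, which is why no separate bounce (and so no backscatter) is generated. The function names, the reduced escape set, the reply code 450 and the sample address 192.0.2.10 are assumptions made for illustration.

```python
import re

# Constructed sample: the quoted msg value of the "uatraps" entry above,
# as typed between the double quotes in spamd.conf.
UATRAPS_MSG = r"""Your address %A has sent mail to a ualberta.ca spamtrap\n\
within the last 24 hours"""

# Reduced set of getcap(3)-style escapes, enough for the entries in this thread.
_ESCAPES = {"n": "\n", "t": "\t", '"': '"', "\\": "\\"}


def decode_msg(raw: str) -> str:
    """Undo line continuations and backslash escapes in a quoted msg string."""
    raw = re.sub(r"\\\n[ \t]*", "", raw)  # backslash-newline joins two lines
    return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(1)), raw)


def expand_msg(msg: str, client_ip: str) -> str:
    """Expand %A to the connecting address and %% to a literal percent sign."""
    table = {"%A": client_ip, "%%": "%"}
    # Single pass, so "%%A" in a template yields "%A" and is not expanded again.
    return re.sub(r"%[A%]", lambda m: table[m.group(0)], msg)


def smtp_reply(code: int, text: str) -> str:
    """Format text as an SMTP multi-line reply: 'code-' on all but the last line."""
    lines = text.split("\n")
    out = [f"{code}-{line}" for line in lines[:-1]] + [f"{code} {lines[-1]}"]
    return "\r\n".join(out) + "\r\n"


def rejection_for(raw_msg: str, client_ip: str, code: int = 450) -> str:
    # The code is an assumption; the thread does not say which one spamd sends.
    return smtp_reply(code, expand_msg(decode_msg(raw_msg), client_ip))


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address (RFC 5737), used as sample input.
    print(rejection_for(UATRAPS_MSG, "192.0.2.10"), end="")
```

The reply travels back on the connection the sending host opened, so a forged envelope sender never receives anything.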