From: "Valeri Galtsev"
To: freebsd-questions@freebsd.org
Reply-To: galtsev@kicp.uchicago.edu
Date: Wed, 10 Aug 2016 09:31:50 -0500 (CDT)
Subject: Re: Need advice for setting up mail server

On Wed, August 10, 2016 2:07 am, Niklaas Baudet von Gersdorff wrote:
> Valeri Galtsev [2016-08-08 09:51 -0500]:
>
>> > In /usr/local/etc/spamd/spamd.conf I use two of the example
>> > lists:
>> >
>> >     all:\
>> >         :uatraps:nixspam:
>> >
>> >     # University of Alberta greytrap hits.
>> >     # Addresses stay in it for 24 hours from time they misbehave.
>> >     uatraps:\
>> >         :black:\
>> >         :msg="Your address %A has sent mail to a ualberta.ca spamtrap\n\
>> >         within the last 24 hours":\
>> >         :method=http:\
>> >         :file=www.openbsd.org/spamd/traplist.gz
>> >
>> >     # Nixspam recent sources list.
>> >     # Mirrored from http://www.heise.de/ix/nixspam
>> >     nixspam:\
>> >         :black:\
>> >         :msg="Your address %A is in the nixspam list\n\
>> >         See http://www.heise.de/ix/nixspam/dnsbl_en/ for details":\
>> >         :method=http:\
>> >         :file=www.openbsd.org/spamd/nixspam.gz
> [...]
>> quick question here. The alleged spam message was never accepted here,
>> instead "SMTP error is generated" telling one of the reasons above,
>> right?
>> In other words, this will not be a source of "backscatter" (to the
>> contrary to accepting message then sending non-delivery notification to
>> sender whose address could have been forged).
>
> spamd.conf(5) says:
>
>     Each blacklist must include a message, specified in the msg
>     capability as a string. If the msg string is enclosed in
>     double quotes, the characters in the quoted string are escaped
>     as specified in getcap(3) with the exception that a colon (:)
>     is allowed in the quoted string. The resulting string is used
>     as the message. Alternatively, if the msg string is not
>     specified in quotes, it is assumed to be a local filename from
>     which the message text may be read.
>
>     The message is configured in spamd(8) to be displayed in the
>     SMTP dialogue to any connections that match addresses in the
>     blacklist. The sequence \" in the message will produce
>     a double quote in the output. The sequence %% will produce
>     a single % in the output, and the sequence %A will be expanded
>     in the message by spamd(8) to display the connecting IP address
>     in the output.
>
> Since the message is "to be displayed in the SMTP dialogue",
> I also think that backscatter isn't possible. As you said the
> message won't be accepted.
>
> In addition spamd(8) does the following:
>
>     When a sending host talks to spamd, the reply will be
>     stuttered. That is, the response will be sent back a character
>     at a time, slowly. For blacklisted hosts, the entire dialogue
>     is stuttered. For greylisted hosts, the default is to stutter
>     for the first 10 seconds of dialogue only.
>
> So chances are quite high that a blacklisted malicious host will
> give up at some point (before getting the error) anyway.
>
> Niklaas

Thanks Niklaas! Both of your posts are very instructive.

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
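
The msg handling quoted from spamd.conf(5) above, as an added Python sketch that is not part of the thread and not spamd's own code: it parses the nixspam entry and renders the text a blacklisted client would see inside the SMTP dialogue, which is why no bounce (and so no backscatter) is produced. The function names, the client address 192.0.2.7 and the reply code parameter are assumptions of the example, and only the escapes named in the quoted man page text are handled.

```python
import re

# Constructed sample input: the nixspam entry quoted in the thread.
SPAMD_CONF = r'''
# Nixspam recent sources list.
nixspam:\
    :black:\
    :msg="Your address %A is in the nixspam list\n\
    See http://www.heise.de/ix/nixspam/dnsbl_en/ for details":\
    :method=http:\
    :file=www.openbsd.org/spamd/nixspam.gz
'''

def parse_entries(text):
    """Return {list_name: {capability: value}} from spamd.conf-style text."""
    text = re.sub(r'\\\n[ \t]*', '', text)      # join backslash-continued lines
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        name, _, rest = line.partition(':')
        # Capabilities are colon-separated, but a double-quoted value may
        # itself contain colons (the URL in msg), so match it as one unit.
        fields = re.findall(r'([^:="]+)(?:=("(?:\\.|[^"\\])*"|[^:]*))?', rest)
        entries[name] = dict(fields)
    return entries

def expand_msg(raw, client_ip):
    """Expand a double-quoted msg value: \\n, \\", %% and %A only."""
    if not raw.startswith('"'):
        raise ValueError('unquoted msg names a local file, not inline text')
    subst = {r'\n': '\n', r'\"': '"', '%%': '%', '%A': client_ip}
    # Single pass, so "%%A" yields a literal "%A" instead of the address.
    return re.sub(r'\\n|\\"|%%|%A', lambda m: subst[m.group()], raw[1:-1])

def smtp_reply(raw_msg, client_ip, code=450):
    """Format the message as a multi-line SMTP reply (code is an assumption)."""
    lines = expand_msg(raw_msg, client_ip).split('\n')
    out = [f'{code}-{l}' for l in lines[:-1]] + [f'{code} {lines[-1]}']
    return '\r\n'.join(out) + '\r\n'

if __name__ == '__main__':
    conf = parse_entries(SPAMD_CONF)
    print(smtp_reply(conf['nixspam']['msg'], '192.0.2.7'), end='')
```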