[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#457318: ITP: qmail -- a secure, reliable, efficient, simple message transfer agent

Kalle Kivimaa <killer@debian.org> writes:
> Turbo Fredriksson <turbo@debian.org> writes:

>> reject at SMTP etc (and claims that this makes Qmail wide open for
>> spams is rubish - it's only if/when configured incorrectly that this
>> becomes a problem)

qmail-smtpd in djb's stock distribution with no patches is not capable of
being configured to prevent reflected spam.  I'll take various people's
word that the patch sets fix this.

> How can you configure the QMail to send error messages only to
> non-forged sender addresses? I don't see any way of differentiating
> these, so the only way to do it is during the SMTP session.

You verify the sender address during the SMTP session and don't accept the
mail if it's not for a valid local address.  This requires keeping some
sort of database or other information that qmail-smtpd can query to use to
reject unknown addresses immediately.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: