
Re: spf record



On Fri, Jan 20, 2006 at 05:05:58PM +0100, Thomas Goirand wrote:
> once, my Qmail server had received a mail bomb attack using a widespread 
> virus that was sending mail to my server in order to produce a bounce 
> message for hotmail.com (which was the real goal of this attack). My 
> waiting queue was getting full, as well as my /var, and it was beginning 
> to be a real disaster... until I had the very good idea to implement 
> libspf on my qmail server (using the very good qmail-spp with plugins).

this is one of the many reasons why postfix and exim (and, in fact,
almost any other unix mail server) are better than qmail.

qmail accepts mail, THEN checks if it's for a valid address, and bounces
it if not.

both postfix and exim check whether the recipient address is valid while
at the RCPT TO stage of the SMTP session, and only accept the mail if it
is valid. if not, then it just issues a 5xx reject code.

this keeps the junk from clogging your queue and slowing down your
system, and it prevents you from generating bounces (i.e. backscatter)
from viruses and spam.


i believe there is some kind of patch for qmail to make it do the right
thing. no idea what it's called or where to get it. you should look for
it.

> SPF is not a protection for your customer, see it as a protection for
> your server, just like RBL checks: it's a low cpu filter that helps you
> to disconnect spammers BEFORE the spam is sent...

SPF is *NOT* an anti-spam technology. it is an anti-forgery technology
- its purpose is to allow a domain owner to specify which hosts are
allowed to send mail claiming to be from their domain.  that's all.

note that spammers know about SPF and their domains often publish SPF
records (usually +all).

craig

-- 
craig sanders <cas@taz.net.au>           (part time cyborg)
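
The difference described in the message above, as an added example that is not part of the original post and is not qmail, postfix or exim code: a toy receiver fed the same constructed SMTP commands in accept-then-bounce mode and in reject-at-RCPT mode. The addresses, the mailbox list and the collapsed DATA step are assumptions for illustration.

```python
# Added illustration: a toy SMTP receiver, not code from any real MTA.
VALID_RCPTS = {"thomas@example.org"}   # constructed list of local mailboxes

# Constructed input: one forged-sender message to a nonexistent user,
# then one legitimate message. DATA stands in for the whole message body.
SESSION = [
    "MAIL FROM:<victim@forged.example>", "RCPT TO:<nosuchuser@example.org>", "DATA",
    "MAIL FROM:<alice@sender.example>", "RCPT TO:<thomas@example.org>", "DATA",
]

def receive(session, check_at_rcpt):
    """Feed client commands to the toy MTA; return (replies, queue, bounces)."""
    replies, queue, bounces = [], [], []
    sender, rcpts = None, []
    for line in session:
        verb, _, arg = line.partition(":")
        verb = verb.upper()
        if verb == "MAIL FROM":
            sender, rcpts = arg.strip("<> "), []
            replies.append("250 ok")
        elif verb == "RCPT TO":
            rcpt = arg.strip("<> ").lower()
            if check_at_rcpt and rcpt not in VALID_RCPTS:
                # Rejected inside the SMTP session: nothing is queued and
                # the connecting client is left holding the failure.
                replies.append("550 no such user")
            else:
                rcpts.append(rcpt)
                replies.append("250 ok")
        elif verb == "DATA":
            if not rcpts:
                replies.append("554 no valid recipients")
                continue
            queue.extend((sender, r) for r in rcpts)
            replies.append("250 queued")
    # Delivery phase, after the client has disconnected.
    for env_sender, rcpt in queue:
        if rcpt not in VALID_RCPTS:
            # Too late for a 5xx: a bounce is generated and sent to the
            # envelope sender, which may be forged (backscatter).
            bounces.append(env_sender)
    return replies, queue, bounces

if __name__ == "__main__":
    for mode in (False, True):
        replies, queue, bounces = receive(SESSION, check_at_rcpt=mode)
        print("check_at_rcpt =", mode, "| queued:", len(queue), "| bounces to:", bounces)
        print("  replies:", replies)
```
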


