Quick Sendmail access question
Julian Field
MailScanner at ecs.soton.ac.uk
Wed Feb 23 21:36:34 GMT 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
In our experience, it saves you in dictionary attacks. I believe it
watches for things like Exchange dying.
You can build a list of valid recipients, but it is much more work than
installing milter-ahead.
But only Exchange 2k3 will reject addresses that don't exist, and even
then it isn't enabled by default (heaven only knows why not!)
Peter Russell wrote:
> But on a busy server this could kill exchange, esp during a dictionary
> attack? Would this be the same as doing, manually, a truckload of LDAP
> requests? Also doesnt it mean your gateway depsnd on exchange being up
> and available to recieve mail?
>
> ISnt it betterer to build an list of va,lid recipients and use this as a
> recipient or access list on your MTA - if in list accept connection, if
> not in list reject connection?
>
> Cos we have Exchange 2k3 (yes we love email downtime)- if your way is
> better? then we can look at this as well :)
>
>
>
>
>
> Julian Field wrote:
>
>> Once you have done the Exchange change, you need to install
>> "milter-ahead" into sendmail, which is pretty easy. Start at
>> http://www.milter.info/milter-ahead/index.shtml
>>
>> This will make your sendmail setup check that each recipient is valid on
>> your Exchange server before accepting the incoming message at all. It
>> uses all sorts of clever caching techniques to make this a remarkably
>> low-load test. It works *very* well indeed.
>>
>> David C.M. Weber wrote:
>>
>>> I am actually using exchange 2k3.
>>>
>>> I was looking for something a bit more generic for all exchange
>>> users to
>>> use. A HTTP/HTTPS option is especially attractive because my
>>> Mailscanner box is also acting as an OWA proxy, so this service is
>>> already available.
>>>
>>> This solution is actually using an ASP script on the Exchange box to
>>> gather the addresses, so it eliminates some issues that I had w/ the
>>> Putty file push in the MAQ.
>>>
>>> Be more than happy to hear any alternatives though.
>>>
>>> ------------------------ MailScanner list ------------------------
>>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>> 'leave mailscanner' in the body of the email.
>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>>
>>>
>>
>> --
>> Julian Field
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>> Professional Support Services at www.MailScanner.biz
>> MailScanner thanks transtec Computers for their support
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>>
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list