IP address reputation, BorderWare
am.lists
am.lists at gmail.com
Fri Mar 23 12:00:38 CET 2007
On 3/22/07, Raymond Dijkxhoorn <raymond at prolocation.net> wrote:
> Hi!
>
> > I see your point. Perhaps it depends on the order with which these checks
> > happen.
> >
> > My understanding is that our servers don't do SAV unless the inbound message
> > is for a real recipient (or alias). We prohibit the use of a "catch-all"
> > alias, so a dictionary attack on our server won't really have much effect on
> > you. Or am I wrong (we use SMF-SAV with Sendmail)? If I'm wrong, and the
> > milter initiates a verification even before checking to see if a recipient
> > exists, then I may have to re-evaluate our stance.
>
> We do the same, only check on valid users ... on our end, then check the
> remote.
>
I'm running MS on a gateway box (using Postfix). I recently added
recipient verification at the MTA after policyd. I figure that the
difference in disk utilization (more for the verify.db) is offset by
not quarantining junk to non-existent users and backscatter attacks.
I think that with everything else I'm doing to protect my users, SAV
isn't needed.
But that's my $0.02 worth.
Angelo
More information about the MailScanner
mailing list