[Mailman-Users] Has anyone actually implemented Postfix address verification for their sites?

Brad Knowles brad at stop.mail-abuse.org
Sun May 7 22:36:08 CEST 2006


At 12:28 PM -0700 2006-05-07, John W. Baxter wrote:

>  Of the Exim admins who use the feature and to whom I listen the most, the
>  feeling seems to be that this test (a) needs to be done selectively, as some
>  servers respond oddly or uselessly (eg Yahoo), and (b) should be done after
>  other protections have not stopped a sender.  We don't presently use the
>  Exim feature.

	I am currently testing this feature with "warn_if_reject", so 
it's not actually rejecting any connections or messages that fail 
verification, but it is doing all the other parts of the process. 
And I do have it pushed all the way to the bottom of the stack of 
things that are checked before a message is accepted -- after 
white/black listing (both DNS-based lists and locally maintained), 
after greylisting, after checking reverse DNS or confirming that the 
HELO/EHLO command is given in a legal format, etc....

>  Another useful defense can be to delay sending out the initial banner for a
>  few seconds and/or delay sending the response to EHLO or HELO for a few
>  seconds.  Many of the spam engines just press on with the EHLO/HELO in the
>  first case or the MAIL FROM: in the second case, and the receiving server
>  can then reject the protocol violation (I don't know whether Postfix can do
>  that).

	Postfix does have a method of detecting and rejecting 
unauthorized pipelining, and that feature is also turned on.

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

  LOPSA member since December 2005.  See <http://www.lopsa.org/>.
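
The ordering described in the message above, sketched as a Postfix `main.cf` fragment. This is an added example, not Brad Knowles's actual configuration; the map path, the DNSBL zone and the policy-daemon address are placeholders or assumptions, and the restriction names are those of Postfix 2.3 and later.

```ini
# /etc/postfix/main.cf (added illustration, not the poster's configuration)

# Cache probe results so a sender address is not re-probed for every message.
address_verify_map = btree:/var/lib/postfix/verify

# Require HELO/EHLO so the HELO syntax check below has something to test.
smtpd_helo_required = yes

# Restrictions are evaluated top to bottom; cheaper checks run first.
#   reject_unauth_pipelining       client sent commands before it was allowed to
#   check_client_access            locally maintained white/black list
#                                  (hypothetical map path)
#   reject_rbl_client              DNS-based list (placeholder zone name)
#   reject_invalid_helo_hostname   HELO/EHLO argument must be in a legal format
#   reject_unknown_reverse_client_hostname
#                                  connecting IP must have reverse DNS
#   check_policy_service           greylisting daemon (assumed address/port)
#   warn_if_reject reject_unverified_sender
#                                  sender address verification, placed last
#                                  and log-only while under test
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unauth_pipelining,
    check_client_access hash:/etc/postfix/client_access,
    reject_rbl_client dnsbl.example.org,
    reject_invalid_helo_hostname,
    reject_unknown_reverse_client_hostname,
    check_policy_service inet:127.0.0.1:10023,
    warn_if_reject reject_unverified_sender
```

With `warn_if_reject` in front of a restriction, Postfix logs a `reject_warning` entry instead of refusing the mail, so the logs show what would have been rejected before enforcement is switched on.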


