[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Qmail-sql 0.22pre4 is now available. The main change is the ability to check
whether a user exists or not _before_ accepting the mail: at smtp-level.
This protects against a specific type of spam-attack. Suppose you have a
domain 'foo.org'. A spammer chooses the non-existing address bar@xxxxxxx to 
send the junk. Complaints and bounces go to bar@xxxxxxxx With the new patch, 
the server immediately rejects this mails, which should save resources on 
your server and network.

It also protects your postmaster from getting too much bounces about spam
sent to non-existant users.

Why 'too much' ? Because it doesn't stop all mail to non-existant users. 
Suppose mail arrives for foo-test. There's no way for qmail-smtpd to check
whether ~foo/.qmail-test exists. So it will accept everything for foo-*.
Using the dotqmails-table it's possible to create these aliases without
.qmail-files but i didn't yet decide whether qmail-smtpd should disregard
the posibility of .qmail-files or not. Any remarks are appreciated !

Contrary to the previous 0.22pre1/2, this patch no longer has problems with
login-names containing a '-'.
The new feature should be explicitely enabled with 
'allowed_recipients_from_db yes'.