Re: Spamhaus...

[John Peach <john-nanog () johnpeach com>]

On Fri, 19 Feb 2010 21:28:41 -0800
Scott Howard <scott () doc net au> wrote:

> On Fri, Feb 19, 2010 at 5:20 PM, William Herrin <bill () herrin us> wrote:
> > On Fri, Feb 19, 2010 at 3:30 PM, Rich Kulawiec <rsk () gsp org> wrote:
> > > Barracuda's engineers apparently think
> > > that using SPF stops backscatter -- and it most emphatically does not.
> > >
> > > Reject gooooood, bounce baaaaaaad. [1]
> >
> > Whine all you want about backscatter but until you propose a
> > comprehensive solution that's still reasonably compatible with RFC
> > 2821's section 3.7 you're just talking trash.
>
> In the case of Barracuda's long history of Backscatter the solution is
> simple, and is implemented by most other mail vendors - it's called
> "Don't accept incoming mail to an invalid recipient".
>
> Barracudas used to have no way of doing address validation for
> incoming mail, so they would accept it and then bounce it when the
> next hop (eg, the Exchange server) rejected the recipient address.
> They finally fixed this a few years ago, and can not integrate with
> LDAP (and possibly others) for address validation. Of course, it's
> still down to the admin to implement it...

FUD

I had a couple of these when they first came out; it was a much cheaper
alternative than the self-maintained postfix/spamassassin combination
we were using at that point and proved to be just as efficient.
Recipient validation was trivial, it was just not switched on by
default. LDAP integration was also trivial. IIRC it was called exchange
accelerator.



-- 
John