-----Original Message-----
From: Spencer Stapleton [mailto:sstapleton(a)compass.net.nz]
Sent: Thursday, 27 January 2005 12:51 a.m.
To: b.zdrnja(a)auckland.ac.nz
Cc: nznog(a)list.waikato.ac.nz
Subject: RE: [nznog] backscatter attack
How does your receiving MTA determine what is a valid local user at point of delivery? LDAP lookups? Do you mind providing technical details? What MTA are you using?
All our e-mail systems use postfix as MTA. At the moment we use local hashed files which are built either in real time (when a new account is added, a central machine pushes files to the front end gateways and rebuilds the hash files) or daily, when that suits (i.e. for student e-mails which are added or removed once per day). This was done to speed up the transition from the old system. We will soon move to an LDAP-based repository - it's very lightweight and, as was written in another post here as well, presents an ideal means of storing the data.
You're right, it would have stopped most of the issues, but the sheer volume of mail we were receiving would have meant that the lookups themselves would have possibly been an issue. Definitely less of one than actually accepting it, even if we were >/dev/null'ing them though.
Lookups are usually totally inexpensive and the MTA can cache results for a while. In emergency cases you can go to local hashed files (i.e., if you have the data in LDAP you can export it to a text file and generate a hash), but I believe that, on a properly configured system, this won't be a problem.

Cheers,

Bojan

--
Bojan Zdrnja, CISSP, RHCE
Security Implementation Specialist
Information Technology Systems and Services (ITSS)
Ph 09 373-7599 x82035
The University of Auckland, New Zealand
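As an added illustration (not configuration from the thread or from the University's systems), this is the Postfix setup that implements the recipient validation discussed above: a relay gateway that rejects unknown recipients at RCPT TO from a local hashed file, with the LDAP table it can move to. Hostnames, paths and the example.ac.nz domain are placeholders.

```conf
# /etc/postfix/main.cf (excerpt) - inbound gateway relaying to internal mail stores
relay_domains = example.ac.nz
transport_maps = hash:/etc/postfix/transport

# Recipient validation: Postfix consults relay_recipient_maps while the remote
# client is still at RCPT TO. An address not in the map is refused with 550
# before any message data is accepted, so the gateway never has to generate a
# bounce to a forged sender (the backscatter case).
#
# Option A (as run "at the moment" in the thread): a local hashed file, rebuilt
# with "postmap /etc/postfix/relay_recipients" whenever the account system
# pushes a fresh list to the gateway.
relay_recipient_maps = hash:/etc/postfix/relay_recipients

# Option B (the planned LDAP repository): same parameter, different table type.
# Note that a temporary LDAP lookup failure makes Postfix defer (4xx), not skip
# to another table, so the hash file is a manual emergency swap-in, as the
# thread describes, rather than an automatic fail-over.
#relay_recipient_maps = ldap:/etc/postfix/ldap-recipients.cf

smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unlisted_recipient
unknown_relay_recipient_reject_code = 550

# /etc/postfix/relay_recipients - source of the hash map; the right-hand value
# is ignored, only the presence of the key matters.
# alice@example.ac.nz   OK
# bob@example.ac.nz     OK

# /etc/postfix/ldap-recipients.cf - assumed directory layout, adjust to yours.
# Postfix substitutes the recipient address for %s in query_filter.
# server_host = ldap.example.ac.nz
# version = 3
# bind = no
# search_base = ou=people,dc=example,dc=ac,dc=nz
# query_filter = (mail=%s)
# result_attribute = mail
```

Either table can be checked from the shell before it goes live with `postmap -q alice@example.ac.nz hash:/etc/postfix/relay_recipients` or `postmap -q alice@example.ac.nz ldap:/etc/postfix/ldap-recipients.cf`; a hit prints the result, a miss prints nothing.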