[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to prevent being a 'bouncer' of evil mail?

Yves Junqueira wrote:
> That would be a possible sollution, yes. I'll research further (see
> below). The point is this is not just my case. Most BIG mail
> providers seem to have a gateway mailer in the front that is not
> aware of mail accounts. Do they bounce every fake message?

If their front-line MXes don't know which accounts are valid...  yes,
they send out fresh messages in response to spam and viruses sent to
nonexistent accounts.  Beyond AV scans, and a *very* limited spam-scan,
they can't really do much else without taking a big risk on silently
discarding *legitimate* email sent to a misspelled or
recently-deactivated email address.

It's the administrator's choice, and at one time not too long ago it
would have been perfectly acceptable- little or no spam and viruses. 
You'll probably see very vocal arguments on both sides, but most people
I've seen comment on the subject agree that "Accept everything then
bounce" is a Bad Thing.

> Anyway, now I figured that I don't need to get all account
> information from the "other server". I don't need passwords, just a
> list of valid logins. And then use that as a filter, at the 'smart'
> gateway.

Yep.  I've never set up exactly such a system, but for a while I had a
Linux box acting as a gateway for a Novell IMS machine that had some
related stupidity (DNS resolution speed issues, IIRC).  I was able to
just open a connection to the Novell box and issue RCPT TO: for each
recipient, because it wasn't *quite* so stupid as to accept mail for
nonexistent users.

I've been lucky enough to only work with *nix mail servers except for
that one Novell system- and it had some advantages I've yet to see in
any *nix system.  <g>

"Sendmail administration is not black magic.  There are legitimate
technical reasons why it requires the sacrificing of a live chicken."
   - Unknown

Reply to: