
Re: High volume mail handling architecture



On Thursday 09 September 2004 01.33, Ruth A. Kramer wrote:
> Adrian 'Dagurashibanipal' von Bidder wrote:
> > On behalf of all joe-job victims: Whatever you do, *please* do it in a
> > way that allows you to know whether mail is going to be delivered at
> > the front-end incoming SMTP server. (should be trivial if your user
> > database is in LDAP or some SQL db or whatever.)
>
> On behalf of the lurkers here who are not experienced admins (am I the
> only one?), could someone elaborate a little more on the above?

Your guess is mostly correct.

Here is what happens: A spammer uses my email address as the sender address 
in spam frequently.

Now this would be a minor annoyance alone because my name is connected with 
spamming. Now, much of the spam the spammer sends out is for invalid email 
addresses (like johnnyREMOVETHIS@example.com and the like, and addresses 
that don't exist anymore, or "addresses" that are really message-IDs etc. 
etc). If the domain part of the address does not exist, that's no problem - 
the mail sending software of the spammer won't find a mail server to send 
the mail to. But if the spammer can get the message to a mail server, two 
things can happen: (i) the recipient mail server behaves properly and 
rejects the mail right in the SMTP transaction (with 550 User unknown or 
whatever). Because the spammer's software is no proper mailserver, it 
doesn't handle this like a mailserver and instead just discards the 
message. (ii) if the recipient mailserver is configured to accept all mail 
(because it's qmail, or MS Exchange, or because it's a front-end mailserver 
which doesn't know about which users exist, for example a backup MX), I'm 
in trouble because that mailserver will see that the mail can not be 
delivered, and so it generates a bounce to whatever address is in the 
envelope sender of the spam.

So, I sometimes suddenly have 2000 new mails in my inbox :-(

(Actually, in my _bounces folder, and so it doesn't bother me that much, and 
since I've disabled spamassassin for bounces, the server load doesn't go 
through the roof anymore, either. But still, there's the chance that I 
miss a real bounce in the flood.)

So, that's my plea to everybody with big mail installations: make your 
frontend machines aware of what mail they are supposed to accept, so that 
you never need to bounce. (Ok, some cases will still bounce: disk full, 
procmail script errors etc., but these are a very small proportion.) And 
the other plea is, of course, get rid of qmail and other products which 
accept all mail by default.

(And, lately, a noticeable proportion of such spam 'bounces' have been by 
systems like TMDA and cousins. I take a certain sadistic pleasure in 
confirming these mails whenever I have the time. Sorry, folks.)


So long
-- vbi


-- 
Protect your privacy - encrypt your email: http://fortytwo.ch/gpg/intro
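
Added example, not part of the original post: a small simulation of the two front-end behaviours described in the message, showing where the bounces to the forged envelope sender come from. The addresses, the recipient set standing in for the LDAP/SQL user database, and all function names are constructed for illustration.

```python
# Constructed data: stands in for the LDAP/SQL user database.
VALID_RECIPIENTS = {"alice@example.org", "bob@example.org"}

# Constructed spam run: (envelope sender, envelope recipient). The envelope
# sender is forged to be an uninvolved third party.
SPAM_RUN = [
    ("victim@example.net", "alice@example.org"),
    ("victim@example.net", "johnnyREMOVETHIS@example.org"),
    ("victim@example.net", "20040909.1234@example.org"),
    ("victim@example.net", "former.user@example.org"),
]


def rcpt_to(recipient, known_recipients):
    """Front-end reply to RCPT TO. known_recipients=None means accept-all."""
    if known_recipients is None or recipient.lower() in known_recipients:
        return 250, "OK"
    return 550, "User unknown"


def backend_deliver(sender, recipient):
    """Final delivery. Returns a bounce (from, to) if the mailbox is missing."""
    if recipient.lower() in VALID_RECIPIENTS:
        return None
    # The bounce carries a null envelope sender and goes to the address
    # found in the envelope sender of the undeliverable message.
    return ("<>", sender)


def run(known_recipients):
    """Process SPAM_RUN; return (recipients rejected in SMTP, bounces sent)."""
    rejects, bounces = [], []
    for sender, recipient in SPAM_RUN:
        code, _ = rcpt_to(recipient, known_recipients)
        if code != 250:
            rejects.append(recipient)  # left to the connecting client
            continue
        bounce = backend_deliver(sender, recipient)
        if bounce:
            bounces.append(bounce)
    return rejects, bounces


if __name__ == "__main__":
    for label, table in (("accept-all", None), ("lookup", VALID_RECIPIENTS)):
        rejects, bounces = run(table)
        print(f"{label}: {len(rejects)} rejected in SMTP, {len(bounces)} bounces")
```

With the accept-all front end, every undeliverable message becomes a bounce addressed to the forged sender; with the lookup, the same messages are refused with 550 during the SMTP transaction and no bounce is generated.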
