On Sat, Jun 05, 2004 at 12:23:14AM +0200, Bernd Eckenfels wrote: > In article <[🔎] 20040604183404.GL12051@linuxmafia.com> you wrote: > > It's possible you're taking that fact into account: I'd be curious to > > hear how you (or others) are ensuring that such bounces go somewhere > > appropriate. > > Well, fisrt of all, I accept mail for outgoing relay only from verified > sources, this includes SMTP AUTH or based on ip address. This is of course > not 100% secure. And second, you should try to not generate bounces. This > includes spam rejects, unknown mailboxes and virus alerts. All those must be > rejcted on the smtp level. This is all one can do in his own local > responsibility. > > For backup MX or centralized mail gateways it is therefore a matter of good > service to do all those rejections at the smtp level, which might involve > replicated addressbooks or even pipelining. > > A lot of organisations forget to include their backup mx into their mail > concept and are the main reaons for bounce-floods caused by malware or > faked-sender spam. (of course with open relays it does not help if you do > not bounce, but those are note the biggest source of spam). Direct delivery > from dialups or open proxies are much more common, at least for the large > mail providers. None of this (and the rest of the thread too, not picking on anyone in particulary) has much to do with Debian-security. Pehaps there is a more general place this thread can be taken.
Attachment:
pgp1KYDhvEaPJ.pgp
Description: PGP signature