[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ipchains rules: REJECT vs. DENY

On Wed, 25 Jul 2001 17:12:22 PDT, Alvin Oga writes:
>> >Moral of that story is to make sure that you either run an ident
>> >server, or set it to REJECT.
>> Well, I wouldn´t (and don´t) run identd, since I have no intention of 
>>  revealing the name of the user running a particular service (in 
>if one runs identd...  any incoming email address to "fake@yourdomain.com"
>will get returned/bounced back to the sender as no such user...
>( you see a log in maillog etc that they tried to send soemthing )
>if you dont run identd... you receive and store that email addressed
>to fake.... and bounced locally to root/postmaster as non-deliverable
>locally ??

If my box would take mail for non-existent accounts it would have to 
 bounce them to the envelope-from, not some <ident-response@whereever>.

That has nothing to do with ident. Take one of my mails to debian-user 
 as example:

Received: from ka.graffl.net (someone?else@
  by murphy.debian.org with SMTP; 25 Jul 2001 23:24:41 -0000
Received: from WatchZwerg.waldner.priv.at
 (none_of_your_business@WatchZwerg.waldner.priv.at [])
 by ka.graffl.net (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id BAA08314
 for <debian-user@lists.debian.org>; Thu, 26 Jul 2001 01:24:38 +0200

The only source of mails to "someone?else@" or
 "none_of_your_business@WatchZwerg.waldner.priv.at" are spammers, but 
 such clueless ones usually also try to send mails to the message-id...

But of course sendmail does the right thing (it´s not exchange or 
 bloatus notes), it never even stores mails to unknown accounts, it 
 just issues a 5xx ("no such luser") in the smtp-conversation and that´s 

rcpt to:<someone?else@[]>
550 <someone?else@[]>... User unknown

rcpt to:<none_of_your_business@WatchZwerg.waldner.priv.at>
550 <none_of_your_business@WatchZwerg.waldner.priv.at>... User unknown

-- My name is sendmail.cf.
-- You killed my process.
-- Prepare to vi.

Attachment: pgpdFH5Hg2wIu.pgp
Description: PGP signature

Reply to: