> When you're hit with a dictionary attack we all know they send to
> thousands of addresses at the domain. If the final delivery address
> is invalid the server creates an "Unknown User" (or whatever it's
> called) message that it tries to send back to the sender. If you
> have high queue retries those messages sit in the queue for a long
> time being retried over and over again. At least that's what appears
> to be happening to me.

There is no bounce message generated for unknown users. If a mail
server knows that users are invalid, the rejection happens during the
SMTP envelope. No incoming or outgoing message is spooled to disk.

The ideal situation is to not only reject at the envelope (i.e. do
_not_ use 'nobody'), but to also perform intelligent checks on your
logs to defuse repeat (or, if possible, in-progress) attacks from
suspect IPs. Under no circumstances is 'nobody' alone a responsible or
best-practices deployment.

--Sandy


------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!
    http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
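
The log check recommended in the reply above could look like the following sketch. It is an added example, not part of the original message; the log line format, addresses and thresholds are constructed assumptions, not any particular mail server's format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not any real server's format):
#   <ISO timestamp> <client IP> RCPT <recipient> <SMTP reply code>
LINE_RE = re.compile(r"^(\S+) (\S+) RCPT (\S+) (\d{3})$")

# Constructed sample: one harvesting client, one sender with a typo,
# one client retrying the same bad address minutes apart.
SAMPLE_LOG = """\
2024-01-01T10:00:00 192.0.2.10 RCPT aaron@example.com 550
2024-01-01T10:00:01 192.0.2.10 RCPT abby@example.com 550
2024-01-01T10:00:02 198.51.100.7 RCPT sales@example.com 250
2024-01-01T10:00:02 192.0.2.10 RCPT adam@example.com 550
2024-01-01T10:00:03 192.0.2.10 RCPT admin@example.com 550
2024-01-01T10:00:04 198.51.100.7 RCPT slaes@example.com 550
2024-01-01T10:00:05 192.0.2.10 RCPT alan@example.com 550
2024-01-01T10:05:00 203.0.113.5 RCPT bob@example.com 550
2024-01-01T10:09:00 203.0.113.5 RCPT bob@example.com 550
"""


def find_harvesters(lines, threshold=5, window=timedelta(seconds=60)):
    """Map each suspect IP to the time it first reached `threshold`
    distinct unknown-user rejections (550 at RCPT) inside `window`."""
    recent = defaultdict(deque)  # ip -> (time, recipient) rejections in window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group(4) != "550":
            continue  # unparsable line, or the recipient was accepted
        now = datetime.fromisoformat(m.group(1))
        ip, rcpt = m.group(2), m.group(3).lower()
        q = recent[ip]
        q.append((now, rcpt))
        while now - q[0][0] > window:  # drop rejections older than the window
            q.popleft()
        # Count distinct recipients so a retry of one mistyped address
        # does not look like a dictionary run.
        if ip not in flagged and len({r for _, r in q}) >= threshold:
            flagged[ip] = now
    return flagged


if __name__ == "__main__":
    for ip, when in find_harvesters(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} reached the rejection threshold at {when.isoformat()}")
```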