On Fri, 8 Feb 2008, Peter N. M. Hansteen wrote:
>Raimo Niskanen <[EMAIL PROTECTED]> writes:
>
>> If a backscatter gets through to sendmail, and it is to an invalid
>> user, what is the proper thing for sendmail to do? My sendmail
>> most probably does the default, which I guess is to bounce the mail.
>
>yes, if you receive a message intended for a non-existing user, you
>most likely bounce with 'unknown user' or the equivalent. it's the
>other end, where spam apparently gets delivered, that's making more
>noise than necessary by bouncing messages that should have simply been
>forwarded to /dev/null instead.
While I agree with most of what you're saying, quietly dropping messages
identified as spam is _not_ the best way of handling them -- since it's
rarely possible to be 100% certain that a message really is spam, and
it's harmful to not notify the sender that a legitimate message has not
been delivered.
We'd all be a lot better off if everyone running a mail server went to
the extra effort of configuring their server to reject as many problem
messages as possible during the SMTP session rather than accepting them
and then having to either drop them without notice or send a failure
message to the 'from' header address. That way the sender of legitimate
messages gets notified of any problems, but the server doesn't
contribute to the 'distributed mail-bombing' caused by forged 'from'
header addresses in spam. While it's not possible to do this in _all_
cases, bad addresses can be handled at the SMTP 'rcpt to' command with
(usually) very little effort and greylisting (and associated tools) can
reject a large fraction of spam messages at this stage.
Dave
--
Dave Anderson
<[EMAIL PROTECTED]>
