On Mon, 2009-07-27 at 19:56 +0200, Martijn de Munnik wrote: > I guess I need prohibit the catch all account and offer the solution > with the delimiter instead. That way all spam to bogus email addresses > get rejected because the address does not exist. > > But still I wonder if there is a way to stop the spam attack. The > catchall account did exist for a long time but was under attack only > for a short period (couple of hours). Is there a way to limit the > effect of such attacks? The user normally only receives about 10 > messages per hour. So hundreds of messages per hour is a clear sign > that a spam attack is happening.
I have another almost similar issue with domains we relay mail for. Our mail servers are in the mx records for that domain and we receive their mail, but it is forwarded (using the transport file) to the final mail server (mostly MS exchange servers in the customers' office). We act as spam filter, their mail server only needs to accept mail from our mail servers. Of course we don't know which email addresses are valid so all mail for the domain is accepted on our servers. Is there a way to check for a valid email before accepting the mail? I was thinking about greylisting the mail. In the greylist period our server could check the validity of the email address on the final server using a short smtp session (helo, mail from, rcpt to and check for 250 ok ). This info can be stored in a db or file so after the greylist period a decision to accept the mail can be made? Of course the discision needs to expire so our customers can add and remove email addresses on their server. Has this been done before? Is this a good idea? Martijn de Munnik -- YoungGuns Kasteleinenkampweg 7b 5222 AX 's-Hertogenbosch T. 073 623 56 40 F. 073 623 56 39 www.youngguns.nl KvK 18076568
