>>
>> On Thu, 2005-06-09 at 14:58 +1200, Jeremy Bowen wrote:
>> > On Thursday 09 June 2005 11:20 am, Jason Haar wrote:
>> > > Jeremy Bowen wrote:
>> > > "ignorant mail-admins" just about defines every standard Qmail install
>> > > out there. That's exactly what Qmail does (and Exchange BTW).
>> >
>> > I know Exchange does this but I wasn't aware that the default qmail
>> > installation bounced messages. I thought the default behaviour was to
>> > accept messages and then direct unknown addresses to a default alias.
>> > I wasn't aware that the accepted messages were subsequently bounced :-(
>>
>> Yes, qmail will always accept the email (if the destination domain is
>> local, or we are a secondary MX, or we have been told to relay on behalf
>> of this user).
>>
>> > > I agree that things like the goodrcptto patch can reduce this problem -
>> > > but let's not forget who is really to blame here...
>> >
>> > I know who is to blame for that; Mail-admins who bounce messages they
>> > should never have accepted in the first place.
>>
>> Well, not exactly... they obviously didn't realise that they shouldn't
>> accept the email in the first place...
>>
>> > The only mitigation is to reject unknown recipients (and to try to educate
>> > others). If your MTA cannot handle a message, it should *not* accept it.
>> > If, for some reason, you *do* accept it, you should NEVER bounce it.
>>
>> In my understanding, these 'back-scatter' problems are generally caused
>> by someone's mail server acting as a relay (open relay) when they
>> shouldn't, or some network/server admin not disconnecting a naughty
>> client when they should have.
>>
>> These two (open relay and not disconnecting spammers) issues are the
>> main cause of 'back-scatter' and these days, it seems to be some random
>> PC is infected with a virus, which then somehow sends out all the spam,
>> complete with the fake from address....
>>
>> Regards,
>> Adam
>>

Hi,

it is a "design principle" with qmail: there is no VRFY command, and RCPT does
not check whether a local alias exists.
The rationale behind this: if someone wants to find out actual mailboxes on a
system, they would have to invest - create traffic.
Of course this is pointless if it is not the spammers sending mails but rather
infected machines (whose owners pay the bill)

However, making it hard to assess valid addresses is still a valid point but
needs other measures:

First, greylisting is a good idea if management is willing to tolerate it
(sometimes the pea counters believe that an unknown person sends a million euro
order to competing companies, and the first one wins - the one greylisting
would not be first :)

rate limiting: if you receive more than x messages per minute from the same
server, or with the same From address, send 4xx codes
(If the receiving MTA can actually check valid emails, make delaying more
aggressive on bad ones)

tarpitting: if someone tries to send the same message to more than x recipients
at a time, RCPT delays (again, invalid addresses increase the effect)

Limit bounces to the same From address

Together:
- a single invalid address still sends a bounce (say a real mail sender
  mistyped an address)
- a single mail message is delivered without delay
- in order to enumerate valid addresses, one would have to mount an attack
  from MANY infected machines
- backscatter is reduced greatly

Of course all of that only helps if the initial mail outbreak hits a server
equipped like that

About bouncing: I think most qmail servers only bounce undeliverables - nobody
should send back messages determined to be spam

And, lastly, a bit of ranting: too many servers that send bounces remove the
full headers from the message - for an admin supervising a lot of Windows boxes
it would be helpful to find from the headers whether a flood of bounces is
backscatter, or a response to one of the machines going mad

Wolfgang Hamann

_______________________________________________
Qmail-scanner-general mailing list
Qmail-scanner-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
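
The three measures combined in the last message (4xx rate limiting per sending server, RCPT tarpitting that grows with invalid recipients, and a cap on bounces per From address), as an added Python example that is not part of the original thread and is not qmail code. The class name, the thresholds standing in for the post's "x", and the addresses in the test are assumptions.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; the post only says "x".
MAX_MSGS_PER_MIN = 5      # messages per client IP per 60 s before a 4xx reply
TARPIT_AFTER = 3          # RCPTs per message answered without delay
BASE_DELAY = 2.0          # seconds of stall per RCPT past the threshold
INVALID_FACTOR = 2.0      # delay multiplier for each invalid RCPT seen
MAX_BOUNCES_PER_HOUR = 1  # bounces sent to one envelope sender per hour


class Policy:
    def __init__(self, valid_rcpts):
        self.valid = set(valid_rcpts)
        self.msgs = defaultdict(deque)     # client IP -> MAIL FROM timestamps
        self.bounces = defaultdict(deque)  # envelope sender -> bounce timestamps

    @staticmethod
    def _hit(window, now, span, limit):
        """Sliding window: record an event unless `limit` already fell in `span`."""
        while window and now - window[0] >= span:
            window.popleft()
        if len(window) >= limit:
            return False
        window.append(now)
        return True

    def mail_from(self, ip, now):
        """SMTP reply code for MAIL FROM: 250, or 451 (temporary) when over rate."""
        return 250 if self._hit(self.msgs[ip], now, 60, MAX_MSGS_PER_MIN) else 451

    def rcpt_delay(self, rcpts):
        """Seconds to stall before answering the latest RCPT; `rcpts` is the list so far."""
        extra = len(rcpts) - TARPIT_AFTER
        if extra <= 0:
            return 0.0  # a normal message is not delayed at all
        invalid = sum(1 for r in rcpts if r not in self.valid)
        return BASE_DELAY * extra * (INVALID_FACTOR ** invalid)

    def may_bounce(self, sender, now):
        """True if a non-delivery notice may still go to this envelope sender."""
        if not sender:  # null sender <>: never answer a bounce with a bounce
            return False
        return self._hit(self.bounces[sender], now, 3600, MAX_BOUNCES_PER_HOUR)
```

The first bounce to a sender always goes out, so a mistyped address still gets its notice, while a flood carrying one forged From address produces a single bounce per hour.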