On May 12, 2009, at 11:16 PM, Steve Kemp wrote:
> I wonder how people on the list deal with joe job attacks? Right now I accept all incoming messages which are addressed to valid recipients on the domains I host *AND* all incoming bounces. Accepting bounces blindly means that I wake up to 3000 forced bounce messages at least once every three weeks. Right now I "solve" this problem by filing all bounce messages into a dedicated bounce folder, via procmail.
I've decided to not accept bounces to addresses that are never envelope senders. For example, I subscribe to mailing lists and sign up at web sites with qmail-style "dashed" addresses, but I never send mail from these. So bounces are only accepted for the addresses that I actually use to send mail.
I understand this may break the RFC, but I cannot see why I should accept these messages.
[Attachment: denybounce (binary data)]
The attached plugin (sorry for what Apple Mail may be doing to the attachment) doesn't do regexp or anything; it was just a stop-gap measure when I wrote it, but it worked out.
eBay and the like sometimes send mail "on your behalf", so you need to be somewhat careful when setting this up.
The other thing you may want to look into is setting up DKIM for your domains, so that the joe-job messages can be stopped at transaction time by the target systems.
-Johan
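
The policy described in this message, sketched as an added example; it is not the attached denybounce plugin or any code from the original post. It assumes a bounce is identified by the null reverse-path (`MAIL FROM:<>`) and that recipient validity is checked elsewhere; `BOUNCE_OK`, `check_rcpt` and all addresses are constructed for illustration.

```python
# Added example. All addresses are constructed; BOUNCE_OK is a hypothetical name.

# Addresses actually used as envelope senders (MAIL FROM), including any
# that a third party sends from "on your behalf".
BOUNCE_OK = {"johan@example.org", "shop@example.org"}


def normalize(path):
    """Strip the <> around an SMTP path and lowercase it for comparison."""
    return path.strip().lstrip("<").rstrip(">").strip().lower()


def is_bounce(mail_from):
    """A bounce (DSN) is sent with the null reverse-path, MAIL FROM:<>."""
    return normalize(mail_from) == ""


def check_rcpt(mail_from, rcpt_to, bounce_ok=BOUNCE_OK):
    """Return an (SMTP code, text) pair for one RCPT TO command."""
    rcpt = normalize(rcpt_to)
    if is_bounce(mail_from) and rcpt not in bounce_ok:
        return 550, f"{rcpt} does not send mail, bounce refused"
    return 250, "ok"  # normal mail, or a bounce to a real sender address


# Constructed envelopes: (MAIL FROM, RCPT TO)
SAMPLES = [
    ("<>", "<johan-lists@example.org>"),   # backscatter to a receive-only address
    ("<>", "<Johan@Example.ORG>"),         # bounce of mail that was really sent
    ("<>", "<shop@example.org>"),          # bounce of "on your behalf" mail
    ("<owner@lists.example.net>", "<johan-lists@example.org>"),  # list traffic
]


def run_samples():
    """Evaluate every sample envelope and return the SMTP codes in order."""
    return [check_rcpt(f, t)[0] for f, t in SAMPLES]


if __name__ == "__main__":
    for (f, t), code in zip(SAMPLES, run_samples()):
        print(code, f, "->", t)
```

Rejecting at RCPT time means the forged bounce is never accepted, so nothing has to be filed or deleted afterwards; the allow-list must be kept in step with every address that legitimately appears as an envelope sender.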