On Tuesday 12 May 2009 22:16:14 Steve Kemp wrote:
> I wonder how people on the list deal with joe job attacks?
>
> Right now I accept all incoming messages which are addressed to
> valid recipients on the domains I host *AND* all incoming bounces.

Personally (and this is a private domain) I reject bounces addressed to
non-existent users - I don't see the point in accepting a bounce that hasn't
got a mailbox to be put into.

I have a check recipients hook that I wrote that reads the qmail config of
users (/var/qmail/users/assign) and validates the user from there, including
qmail's idea of prefix addresses and custom aliases via /var/qmail/alias so
that, for example, any address starting 'tim_' will be delivered to me.

This way I have a handful of known aliases (postmaster etc) and a set of
limited wildcard patterns (rather than a complete catch-all) so that I can
hand out different accounts to different places without having to reconfigure
mail filters etc.

I then change the reply message depending on whether it looks like a bounce or
not:

    if (CanBeDelivered($user => $self->{_assign}))
    {
        $self->log(LOGDEBUG, "$user accepted");
        return DECLINED;
    }

    # an empty envelope sender (<>) marks the message as a bounce
    my $sender = $transaction->sender->address;
    $sender = "" unless defined $sender;
    $self->log(LOGDEBUG, "check_goodrcptto: $user is rejected, tell $sender");

    # genuine mistake or, more likely, spammers flooding us
    return(DENY, "No such account - mail to $user not accepted here")
        unless (not(defined($sender)) or $sender eq "");

    # bounce of email from a non-existent user - recommend SPF
    return(DENY, "No such account as $user - checking SPF records would prevent bouncing of joe-job emails");

I very rarely get joe-job bounces in this way, and all genuine bounces still
come thru.
--
Tim
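
The recipient check described in the message above, as an added example that is not part of the original post and is not Tim's hook: it parses text in the qmail-users(5) assign format ("=" exact entries, "+" prefix wildcards, a lone "." ending the table) and picks the rejection text by whether the envelope sender is empty. The names parse_assign, can_be_delivered and rcpt_verdict, the sample entries and the shortened reply strings are assumptions, and the /var/qmail/alias lookup is left out.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample in qmail-users(5) format; users, uids and paths are invented.
my $SAMPLE = <<'EOF';
=tim:tim:1001:1001:/home/tim:::
+tim_:tim:1001:1001:/home/tim:-::
=postmaster:alias:7790:2108:/var/qmail/alias:-:postmaster:
.
EOF

# Parse assign text into exact names ("=") and wildcard prefixes ("+").
sub parse_assign {
    my ($text) = @_;
    my %assign = (exact => {}, prefix => []);
    for my $line (split /\n/, $text) {
        last if $line eq '.';                 # a lone dot ends the table
        my ($type, $local) = $line =~ /^([=+])([^:]*):/ or next;
        if ($type eq '=') { $assign{exact}{lc $local} = 1 }
        else              { push @{ $assign{prefix} }, lc $local }
    }
    return \%assign;
}

# True when the local part has an exact entry or starts with a listed prefix.
sub can_be_delivered {
    my ($local, $assign) = @_;
    $local = lc $local;
    return 1 if $assign->{exact}{$local};
    return scalar(grep { index($local, $_) == 0 } @{ $assign->{prefix} });
}

# Verdict for one RCPT TO; an empty envelope sender marks the message as a bounce.
sub rcpt_verdict {
    my ($local, $sender, $assign) = @_;
    return 'DECLINED' if can_be_delivered($local, $assign);
    return (defined $sender && $sender ne '')
        ? 'DENY: no such account'
        : 'DENY: no such account (bounce to unknown user)';
}

my $assign = parse_assign($SAMPLE);
for my $case (['tim_lists', 'a@example.org'], ['bob', 'a@example.org'], ['bob', '']) {
    printf "%-10s from <%s>: %s\n", @$case, rcpt_verdict(@$case, $assign);
}
```

Only the "+tim_" prefix entry makes tim_lists deliverable; an entry with an empty prefix ("+:") would behave as a full catch-all, which is what the limited wildcard set avoids.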