Wow. It seems that my experience with the E-Mail has been fairly mild compared to some of the horror stories you guys have dealt with. I guess we've been lucky. We had one "attack" where someone was using us to relay spam, and I immediately yanked the server completely offline. That day, I wrote a very simple filter app to allow ONLY the very basic SMTP commands through, and that stopped the relaying. Then we realized they started using NDRs to bounce back their spam, so I added the ability for the thing to check a valid user list, and that stopped the NDR. Then we started getting viruses, so I just had the app drop the E-Mails to the hard drive to see if the antivirus nabbed it, and that stopped that. I also added a check to stop E-Mails with executable (.bat, .msi, etc.) attachments, and attachments that were too big.
Now I'm at the spam portion of my little story, so that's what brought me here. All things said and done, it sounds like we've had it pretty easy so far. Then again, when you're only processing 500 E-Mails a day, I suppose we just don't see enough volume that we would've even noticed some of the problems you guys are having. :/

-Aaron

-----Original Message-----
From: Bowie Bailey [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 22, 2005 1:04 PM
To: users@spamassassin.apache.org
Subject: RE: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound familiar to anyone?)

Matt Kettler wrote:
>
> No.. bounce after accept means to not validate the recipient until
> after the whole SMTP session is done.
>
> ie: a server set up to queue and forward all mail for a domain to an
> internal server without any checks of the recipient at all. Later the
> internal server rejects the mail because the user doesn't exist,
> resulting in a post-delivery bounce message being generated.
>
> Most servers of this sort also self-flood with double-bounce messages.

That's one of the reasons I scrapped the Symantec AntiVirus Gateway in favor of a linux box with SA and ClamAV. It just couldn't keep up with the flood of double-bounces. Not to mention having to do virus scans for all of the dictionary attacks.

--
Bowie
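The command whitelist and valid-user check mentioned in the message above, sketched as an added example that is not part of the thread or anyone's actual filter app. It refuses an unknown recipient inside the SMTP session instead of bouncing after accept; the whitelist, user list and reply texts are assumptions.

```python
import re

# Constructed values for illustration: the command whitelist and the user
# list are assumptions, not taken from the thread.
ALLOWED = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}
VALID_USERS = {"aaron@example.org", "postmaster@example.org"}
RCPT_RE = re.compile(r"^RCPT\s+TO:\s*<([^<>\s]+)>", re.IGNORECASE)


def filter_session(lines, valid_users=VALID_USERS):
    """Return the replies a filtering front end gives to one SMTP session."""
    replies, rcpts, in_data = [], [], False
    for line in lines:
        if in_data:
            # Message body: only the lone "." ends it and gets a reply.
            if line == ".":
                in_data, rcpts = False, []
                replies.append("250 queued")
            continue
        parts = line.split()
        verb = parts[0].upper() if parts else ""
        if verb not in ALLOWED:
            # Anything outside the basic command set is refused.
            replies.append("502 command not implemented")
        elif verb == "RCPT":
            m = RCPT_RE.match(line)
            if not m:
                replies.append("501 syntax error")
            elif m.group(1).lower() not in valid_users:
                # Refused inside the session: the sending server owns the
                # failure, so this host never generates an NDR.
                replies.append("550 no such user")
            else:
                rcpts.append(m.group(1).lower())
                replies.append("250 ok")
        elif verb == "DATA":
            if rcpts:
                in_data = True
                replies.append("354 end data with <CRLF>.<CRLF>")
            else:
                # No accepted recipient, so no message is ever queued.
                replies.append("554 no valid recipients")
        elif verb == "QUIT":
            replies.append("221 bye")
            break
        else:
            if verb == "RSET":
                rcpts = []
            replies.append("250 ok")
    return replies
```
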