--- Jim Maul <[EMAIL PROTECTED]> wrote:

> John D. Hardin wrote:
> > On Tue, 10 Apr 2007, J. wrote:
> > 
> >> I didn't realize that most people are denying smtp connections for
> >> bad addresses. That's great that this is possible. So most of the
> >> people on this list reject connections that are for bad addresses?
> >> That's great. I think that would cut down the spam we get by 90%.
> >> I had no idea this was possible.
> > 
> > That's not *quite* what we're talking about. Sorry if this is a
> > rehash of what you already know:
> > 
> > Proper behavior is to check addresses *during* the SMTP conversation
> > with the submitting MTA/MUA, and reject invalid/nonexistent addresses
> > as the other guy submits them. If any valid addresses are submitted,
> > the mail goes through. If no valid addresses are submitted, it is up
> > to the *other guy* to take some action, such as notifying the sender
> > the mail couldn't be delivered. The connection itself is not blocked
> > or rejected, though you could set up a log watcher to detect IPs that
> > continually submit bad addresses and firewall/tarpit them.
> > 
> > A bulk spam mail tool will likely just ignore the "no such address"
> > rejections, leading to no additional impact on innocent third
> > parties.
> > 
> > Contrast this with having your MTA accept the message for delivery,
> > pass the message on down the chain, and then have some later step
> > realize the address is invalid and generate a notice to the sender
> > address that the message was undeliverable.
> > 
> > You're now generating outbound mail based on a spam you received.
> > This is bad.
> > 
> > If the address was forged and nonexistent, your bounce will be
> > rejected by the supposed sender's MTA; that's not as bad as actually
> > delivering a bounce to a real user, but you're still generating
> > pointless traffic to some innocent third party.
> > 
> > Multiply that by the millions of messages in a typical spam run and
> > you can get a DDoS against whatever address or domain was forged on
> > the spams as the sender address.
> > 
> > Rejecting the addresses during the SMTP conversation doesn't generate
> > this extra traffic.
> > 
> > Configuring your MTA to refuse to accept nonexistent addresses is
> > typically a boolean option in its basic configuration settings, not
> > something esoteric requiring complex addons. Any MTA that doesn't
> > support this basic capability is badly broken by current standards.
> > 
> > Some MTAs will also allow you to slow down the SMTP conversation
> > (e.g. pause a few seconds before sending responses) if more than a
> > few bad addresses are submitted, to mitigate against dictionary
> > attacks.
> > 
> > 
> 
> qmail, which I believe the OP was using, is one of these "badly broken
> by current standards" MTAs as you put it.  By default, it accepts ALL
> mail regardless of the validity of the recipient.  It will then
> generate a bounce to the (most likely) forged address when it figures
> out the recipient does not exist.  There are many addons/patches to
> correct this behavior.  I would check (using something other than IE)
> http://qmail.jms1.net for general information and useful patches.  And
> more specifically,
> http://qmail.jms1.net/patches/validrcptto.cdb.shtml
> which gives you the ability to reject invalid recipients at SMTP time.

Thanks Jim and John, that helps a lot. I'm glad that qmail is like this
by default because otherwise my setup would be to blame. :) I'm using
qmail to handle incoming and outgoing mail for my domain but using a
very old lan based mail server to actually deliver mail to our users so
the qmail machine doesn't have any idea who's a valid user and who
isn't, all non-junk goes into a single mailbox which our lan server
then retrieves via pop. Outbound works similarly where our lan server
relays through the qmail machine (no it's not an open relay).

I'm looking at this patch at the moment:

http://http.netdevice.com:9080/qmail/patch/goodrcptto-12.patch

...but will also look at the ones Jim suggested. Thanks again.

-Jason
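
Added example, not part of the original thread and not code from qmail or any of the patches mentioned: a small model of the SMTP-time behaviour described in the quoted reply, where each RCPT TO is answered immediately (250 or 550), DATA is refused if no recipient was valid, and replies are delayed once more than a few bad addresses have been submitted. The recipient list, thresholds and class name are assumptions made for illustration.

```python
import time

# Constructed sample data: recipient list and thresholds are assumptions.
VALID_RCPTS = {"alice@example.org", "bob@example.org"}
TARPIT_AFTER = 3      # bad recipients tolerated before slowing down
TARPIT_SECONDS = 5    # pause added to every reply after that


class SmtpSession:
    """Per-connection state for recipient validation during the SMTP dialogue."""

    def __init__(self, valid=VALID_RCPTS, sleep=time.sleep):
        self.valid = {a.lower() for a in valid}
        self.sleep = sleep          # injectable so tests need not wait
        self.accepted = []          # recipients answered with 250
        self.bad = 0                # recipients answered with 550

    def _reply(self, code, text):
        # Slow the conversation once too many bad addresses were submitted,
        # which raises the cost of a dictionary attack on the address space.
        delay = TARPIT_SECONDS if self.bad > TARPIT_AFTER else 0
        if delay:
            self.sleep(delay)
        return code, text, delay

    def rcpt(self, address):
        """Answer one RCPT TO while the sending side is still connected."""
        addr = address.strip().strip("<>").lower()
        if addr in self.valid:
            self.accepted.append(addr)
            return self._reply(250, "OK")
        self.bad += 1
        # Rejected here, so no bounce message is ever generated later.
        return self._reply(550, "No such user here")

    def data(self):
        """Accept the message body only if at least one recipient was valid."""
        if not self.accepted:
            return self._reply(554, "No valid recipients")
        return self._reply(354, "Start mail input; end with <CRLF>.<CRLF>")
```

Because the 550 is returned inside the conversation, responsibility for notifying the sender stays with the submitting side and the receiving MTA sends nothing to the (possibly forged) envelope sender.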


       