Rick Widmer schrieb:
Tom Collins wrote:
<snip>
Please reconsider that recommendation. Perhaps some discussion on
the list is in order...
Discussion is most welcome. That's a major reason why I posted it.
With chkuser, is it possible to pull a joe-job? The spammer connects
> directly to my SMTP server, but I reject it at the SMTP level instead
of generating a bounce that I then try to deliver to the actual target
> (the forged sender of the message).
Good question. Anyone know off the top of their head how this works.
Joe-Job means, that someone is using your address as sender for a
spam-mail (or 5 million spams).
They aren't relayed through your server, so there's little you can do
about that.
But you get the bounces...and there are lots.
SPF et.al is supposed to eliminate this, but it's a technology of the
future (and always will be...).
I guess I should, as I use chkuser too. I'm thinking either delete or
bounce should act the same and reject non-existent users. I know I
can't forward mail to a catchall account and still reject non-existent
users. This topic should probably be added to the file since it does
affect how deliveries work on the server.
Setting a "catchall-delete" means, you've got to spam-check and
clamav-check each of the thousand of spams and viruses that those
bone-head spammers try to send to your non-existent accounts.
Just imagine you've got a whopping 10k domains with this activated by
default and get several hundret thousands of additional spams per day
that you've got to process and then throw away.
A nightmare.
I'd even advocate an "R U Serious, dude?" popup, if someone wants to
activate this setting in qmailadmin.
;-)
You might have mixed that up with some "discard double bounces patch".
cheers,
Rainer
