Joe Jobbed, etc.

Glenn Steen glenn.steen at GMAIL.COM
Thu Dec 22 00:22:40 GMT 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 22/12/05, Kevin Miller <Kevin_Miller at ci.juneau.ak.us> wrote:
> Michele Neylon:: Blacknight.ie wrote:
> > Pete Russell wrote:
> >> Wont milter-ahead deal with this by blocking those email during
> >> handshaking for being incorrectly addressed? Only accept mail for
> >> delivery that is accurately addressed?
> >>
> >
> > That's what we do and it works very well.
> > The bigger issue is when the return path is forged but is  to a valid
> > user ...
>
> Been sidetracked with other brushfires lately, but I'm still seeing a
> lot of mail coming in for userXXXX at ci.juneau.ak.us where XXXX is a
> random string of four characters (alpha).  I haven't implemented
> milter-ahead yet - it looks like they're now charging for it and I'd
> like test it out on a non-production server before I shell out the $.  I
> downloaded an earlier version a couple weeks ago but he's since updated
> libsnert (which isn't downloadable) and isn't backwards compatible
> apparently.  Long story short, milter-ahead looks like a science project
> for another day.
>
> I'm not sure if I'm the victim of a joe job, or reverse NDR, but in
> thinking about it, milter-ahead won't solve the greater problem anyway.
> Right now, my Exchange box is replying to the NDRs.  Milter-ahead would
> just cause my MS gateway to do that instead.

Um, no.... The thing is it'll reject the erroneous addresses early in
the SMTP conversation, at the RCPT TO: stage, way before any hefty
DATA has been sent, and _mostimportantly *before* you have accepted
the mail_... This means that the mail is still the senders problem,
and it is the _sending MTA_ that need generate the NDNs/NDRs, not you.
Nice, eh?

> I think the better thing
> to do is to accept the mail and deep six it.

No! Why take responsibility for something that really *shouldn't be
your problem*?

> What I'd like to do is put
> an entry in spam.blacklist.rules and send it to the spam bucket.  Right
> now, low scoring spam is sent to a phony user
> (Alphonse_Spamdog at mydomain) on one of my gateways, and a MailWatch
> quarantine on the others.  So, if I put a line like this:
>
> To:     my_user[some regular expression here]@ci.juneau.ak.us
> yes
>
> in there, then any phony bounces or reverse NDR attack messages would
> land harmlessly in the dustbin, so to speak.  I wouldn't be resending
> them and they wouldn't clutter up my postmaster inbox.
>
> Anybody see any problems with that,
(snip)

More of a science project than handling it at the MTA, if you ask me;-).

Merry Xmas!
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list