LDAP/MTA helping Spammers?

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Tue Jan 11 16:39:30 GMT 2005


Chris Lyon wrote:
> On Tue, 11 Jan 2005 10:46:10 +0100, Steen, Glenn <Glenn.Steen at ap1.se> wrote:
>
>>I'd tend to agree with Martin here. Even if the domain would be mapped,
>>ATM this type of thing has more benefit than badness.
>
>
> I am not disagreeing that the benefit isn't there but from a security
> standpoint it is always better to give less information that more
> information. So either at the MTA or in MS wouldn't it be better to
> just silently delete? Not sending any "User unknown"?
>

Depends on risk you attach to having your email addresses 'known'.

Also depends on the server load (66% of my inbound email is spam/malware
for non existant addresses)....and if the message does get through you
end up bouncing it by the final MX and then having to deal with the
bounce of the bounce as the 'from' address prob won't work either....

A straight '550 no such user' from the MailScanner inbound MTA is much
cleaner IHMO.

For me the risk of having someone brute force the email addresses buy
guessing is less than the email gateway being DOS-ed by thousands of
emails I need to get MS to process to decide what to do with it.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list