Reject emails to nonexistent addresses?

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Fri Jan 21 09:05:57 GMT 2005


I note that verizon are a milter-ahead style sender verification and its
causing quite a few problems..

<from person nanog email list...>

 > I was _hammered_ all throughout last year by messages to unknown
accounts from machines in the sc0<nn>pub.verizon.net segment (nn = 01 -
99). Eventually I had to blacklist anything matching that pattern. Seems
to be a lot more quiet now though.

Actually, I suspect those are (misguided?) attempts at sender
verification*.  We get hammered by those too, and they're always** from
<> or antispam[0-9]+ at west.verizon.net.  We know spammers are forging our
domain name in the return address, using randomly-generated addresses
which look just like the unknown users Verizon is trying to reach.

* Since so many admins disable VRFY to guard against dictionary attacks,
the new tactic is to try to send mail to an address, but then drop the
connection before sending an actual message.  It can be used to make
dictionary attacks, or it can be used on the purported sender of a
message to make sure the return address exists.

** I've only done spot checks, but every time I have, they've fit this
pattern.
</from>

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


nats wrote:
> I agreed to Steve Swaney, milters for sendmail are very handy tools. I have
> it running for a year now, and it works like a charm together with
> MailScanner and Sendmail.
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Steve Swaney
> Sent: Tuesday, January 18, 2005 12:16 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Reject emails to nonexistent addresses?
>
>
>
>>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>>Behalf Of Mike Kercher
>>Sent: Monday, January 17, 2005 10:56 AM
>>To: MAILSCANNER at JISCMAIL.AC.UK
>>Subject: Re: Reject emails to nonexistent addresses?
>>
>>There are a couple of milters.  The one I use is milter-sender.  There is
>>another called milter-ahead that does the call ahead to your Exchange
>>server
>>or other final destination.  milter-sender also does the call ahead.
>>
>>Mike
>>
>
>
> Milter-ahead checks to see if the email can be delivered to the recipient
> before sendmail accepts the message for delivery. Not normally needed on a
> mailhub but very useful on a pass-through gateway.
>
> Milter-sender attempts to verify that the sender's email address is in good
> standing by performing an SMTP callback to the MX server responsible for the
> sender's domain.
>
> Both are handy tools.
>
> There are many more useful milters available at
>
>         http://www.milter.info/
>
> Another one I'm about to test is
>
> milter-limit limits the number of messages by connecting client IP, from a
> sender, or to a recipient over a given time period.
>
> Steve
> Steve Swaney
> President
> Fortress Systems Ltd.
> www.fsl.com
> steve.swaney at fsl.com
>
>
> --
> This message has been scanned for viruses and dangerous content by The
> MailScanner at Fortress Systems Ltd., www.fsl.com, and is believed to be
> clean.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
> --
> All messages that are coming from this domain
> is certified to be virus and spam free.  If
> ever you have received any virus infected
> content or spam, please report it to the
> internet administrator of this domain
> nats at sscrmnl.edu.ph
>
>
> --
> All messages that are coming from this domain
> is certified to be virus and spam free.  If
> ever you have received any virus infected
> content or spam, please report it to the
> internet administrator of this domain
> nats at sscrmnl.edu.ph
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list