[MAILSCANNER] Reverse NDR attack.How to combat ? Any ideas ?
Matt Kettler
mkettler at EVI-INC.COM
Wed Sep 21 00:18:35 IST 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Venkata Achanta wrote:
> Hello List,
>
> http://computer-vet.com/weblog/2004/06/11/reverse_ndr.html
>
> My setup MS e-mail gatway relaying for exchange 2000.Upgrading to Xchange
> 2000 is in the works still as we have 1000's of users. My outbound Q on the
> mailscanner box is 6k with tonnes of NDRs,delaying legitimate e-mail. This
> started a week ago MS doing its job perfectly but still .....there should
> be a way to stop this attack.
>
> Accepting e-mail only for legit exchange users on the mailscanner gateway
> is also not helpful for this kind of attack.
Yes it is a way of preventing the attack, or at least it's a way of preventing
you from being used as a "relay".
In order for a reverse NDR attack to work you MUST first accept the message,
then later generate a bounce DSN.
Set up your mailscanner box to only accept valid users and your problem will
evaporate.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list