[MAILSCANNER] Reverse NDR attack. How to combat? Any ideas?

Matt Kettler mkettler at EVI-INC.COM
Wed Sep 21 01:11:11 IST 2005

Philip Parsons wrote:
> I use a tool called qtool.pl which scans the mail queue for any "User
> unknown" every hour and then deletes the mail from the queue.

Hmmm, given the reality of Reverse NDRs, I'd not suggest using this script as
any form of long-term solution.

This approach only deals with the backlogged queue problem that results from a
spammer abusing you. It still leaves you vulnerable to being abused by spammers.
All the successful reverse NDRs will have been spammed out by your server before
the qtool.pl removes them.

Fix it right, don't queue mail sent to your domain unless the recipient is
valid. Period.

Given the reality of the reverse NDR style of spamming it won't be long before
blind-queue servers are generally regarded in the same light as open relays and
smurf amplifiers. Do yourself a favor and start fixing the problem now before
popular consensus agrees that this is a bad thing and blacklists are set up for
"open NDR relays" which include your server.

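
The contrast between a blind-queue server and one that validates recipients during the SMTP session, as an added example that is not part of the original post: a small Python model that counts the NDRs each policy sends to a forged envelope sender. The class, the addresses and the recipient directory are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed directory of real mailboxes for the hypothetical domain example.org
VALID_RECIPIENTS = {"alice@example.org", "bob@example.org"}

@dataclass
class Server:
    validate_at_rcpt: bool                         # True = check recipient before accepting
    queue: list = field(default_factory=list)      # accepted (sender, rcpt) envelopes
    outbound_ndrs: list = field(default_factory=list)  # bounces this server authors

    def rcpt_to(self, mail_from, rcpt):
        """Return the SMTP reply to RCPT TO for one envelope."""
        if self.validate_at_rcpt and rcpt.lower() not in VALID_RECIPIENTS:
            # Refused inside the session: nothing is queued, so this server
            # never writes a bounce. Any DSN is the connecting client's job.
            return "550 5.1.1 User unknown"
        self.queue.append((mail_from, rcpt))
        return "250 2.1.5 Ok"

    def run_queue(self):
        """Deliver the queue; undeliverable mail becomes an NDR to the envelope sender."""
        for mail_from, rcpt in self.queue:
            # A null sender ("") marks a bounce, which must never be bounced again.
            if rcpt.lower() not in VALID_RECIPIENTS and mail_from:
                self.outbound_ndrs.append(mail_from)
        self.queue.clear()
        return self.outbound_ndrs

def simulate(validate_at_rcpt, envelopes):
    """Feed envelopes to a server with the given policy; return (replies, NDR targets)."""
    srv = Server(validate_at_rcpt)
    replies = [srv.rcpt_to(sender, rcpt) for sender, rcpt in envelopes]
    return replies, srv.run_queue()

# Constructed sample traffic: a forged sender, invented recipients, one real mailbox
ENVELOPES = [
    ("victim@target.example", "nouser1@example.org"),
    ("victim@target.example", "nouser2@example.org"),
    ("victim@target.example", "alice@example.org"),
    ("", "nouser3@example.org"),
]

if __name__ == "__main__":
    for policy in (False, True):
        replies, ndrs = simulate(policy, ENVELOPES)
        print("validate_at_rcpt =", policy, "| replies:", replies, "| NDRs sent to:", ndrs)
```

In the blind-queue case the bounces are generated when the queue runs, so a cleanup job that runs later has nothing left to stop.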