[MAILSCANNER] Reverse NDR attack.How to combat ? Any ideas ?
Lars Kristiansen
lars+lister.mailscanner at ADVENTURAS.NO
Wed Sep 21 14:26:43 IST 2005
[ The following text is in the "iso-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
> I am using a postfix/MailScanner combination on our e-mail gateways. We use
> the relay_domain and relay_recipient options to only allow mail through
if it is first a valid domain and second if it is a valid recipient on
the domain. It is a bit of manual work to keep the recipient list up to
date but
> they tell me pretty quickly if I forget! :) With this setup postfix
automatically rejects the message. I don't see many NDR's in the queue
waiting to be processed. I figure its either that I haven't been
dictionary
> attacked yet or postfix is doing a good job!
In sendmail the virtusertable can be your friend.
And you may want to include nobodyreturn in your confPRIVACY_FLAGS:
PrivacyOptions=nobodyreturn instructs sendmail not to include the body of
the original message on delivery status notifications. ...
An example-line for your mc:
define(`confPRIVACY_FLAGS',
`authwarnings,novrfy,noexpn,nobodyreturn,restrictqrun')dnl
--
Lars
>
> On 9/20/05, Venkata Achanta <vachanta at gmail.com> wrote:
>>
>> >Given the reality of the reverse NDR style of spamming it won't be long
>> before
>> >blind-queue servers are generally regarded in the same light as open
>> relays and
>> >smurf amplifiers. Do yourself a favor and start fixing the problem now
>> before
>> >popular consensus agrees that this is a bad thing and blacklists are
>> set
>> up for
>> >"open NDR relays" which include your server.
>>
>> Thanks Matt.didnt make sense until it became a reality on my mail servers
>> this week. I agree with you 100%.
>>
>> Now if i go the route of accepting e-mail for only valid users, how do
i mitigate the risk of Directory Harvest attack on a setup like mine
?can you
>> throw some light on it as well ?
>>
>> Thanks again.
>>
>> ------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>>
>
> ------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list