OT: Sendmail REJECT or DISCARD preference

Peter Farrow peter at farrows.org
Fri Mar 28 17:26:29 GMT 2008


Matt Kettler wrote:
> Peter Farrow wrote:
>>
>>
>> Steve Campbell wrote:
>>> Since we're hitting the access file pretty hard today, I thought I'd 
>>> ask a question about what most might put in there.
>>>
>>> I typically use the DISCARD parameter instead of the REJECT, with 
>>> the reason being I don't want to add to the trash on the web. What 
>>> do most use here and am I correct in thinking that DISCARD is less 
>>> bandwidth and CPU intensive?
>
> DISCARD is more CPU and resource intensive, as it occurs after the 
> DATA phase. You have to recieve the whole message to DISCARD it.
>
> REJECT occurs prior to the completion of the SMTP transfer, generally 
> at the RCPT TO: command. If you can do it here, this is a *MUCH* 
> better idea.
>
>>>
>>> Thanks for any thoughts.
>>>
>>> Steve
>>>
>>
>> DISCARD every time... because if its spoofed you'll only get it back 
>> in your postmaster account....
>
> Um, this is rejecting during the SMTP session, not bouncing after 
> delivery. The two concepts are very different.
>
> If you REJECT at the sendmail layer, a SMTP 550 is generated and the 
> sending server will get it in THEIR postmaster box (assuming that it 
> really is a server. if it's a spambot it vanishes into the ether). It 
> will not end up in your postmaster box. Ending up in your postmaster 
> box is what happens when you bounce email on a post-delivery basis, 
> which is not the same as REJECT.
>
> Bouncing is stupid, rejecting with a 5xx error at the SMTP layer is not.
>
> Quite frankly REJECT is the proper and best behavior. It does not 
> generally create backscatter, and when it does, all the backscatter is 
> sourced by the single server that is sourcing or relaying the spam. 
> Bots won't backscatter at all with rejects, as they don't retry or 
> queue mail.
>
> Rejecting reduces the typical DDoS nature of backscatter to a 
> single-source problem that can easily be handled by blacklisting the 
> server that's the spam source. (unlike post delivery bouncing, those 
> messages will come from servers all over the world)
>
>
> Rejecting also has exactly the same consequences as email being sent 
> to an invalid recipient and having your mailserver 550 that. This is 
> normal, and how nearly every intelligent SMTP server (baring unpatched 
> qmail) behaves.
>
>
>
>
>
Well, actually my practical experience says exactly the opposite, I have 
quite an extensive evolved access list on my sendmail MTA with over 1000 
discards in it.  Once this was implemented it greatly reduced to cr*p 
that was ending up in the postmaster addresses.  So I still disagree, 
discard works best for me across my enterprise, however I would add that 
my enterprise is probably atypical to most in that I process nearly a 
million emails per week....

All this discussion has certainly made me think again about it so its 
not all bad...

Regards

Pete


More information about the MailScanner mailing list