rcooper at dwford.com
Thu Apr 2 20:37:43 IST 2009
Just a query regarding bounces: How many of you actually bounce mail
anymore? I ask this question because I noted a huge number of rejects on one
of my servers that appear to be valid bounce attempts to an address of
info at mydomain.com for the last week or so. I have an ACL that looks at the
local part of recipients and if that local part is being used it denies the
message (even null sender) with a message stating there is no such user and
it's an address currently being joe-jobbed. I see the same ips repeatedly
attempting a bounce for days.
I decided to do a search for the address in question and found several honey
pots listing dictionary attacks by several Ips and when I look at the info I
see things like sender : Anna <info at mydomain.com>, and of course a bunch of
other addresses that are, I am sure, fake as well.
Since this has gotten to the point of thousands of attempted bounces a day I
added an call to ExiBlock today that will add the addresses to the firewall
for 2 days, but I started thinking who actually bounces mail, or for that
matter accepts mail for users that are not their own?
What really pisses me off is the fact that we sign all our mail and we have
SPF records that hard fail any host not actually used for sending mail for
our domains. So you hear people say the don't check SPF, it's useless and
then I get hammered by back scatter for weeks because they didn't even
bother to check the freaking SPF record.
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner