ssilva at sgvwater.com
Thu Apr 2 20:54:42 IST 2009
on 4-2-2009 12:37 PM Rick Cooper spake the following:
> Just a query regarding bounces: How many of you actually bounce mail
> anymore? I ask this question because I noted a huge number of rejects on one
> of my servers that appear to be valid bounce attempts to an address of
> info at mydomain.com for the last week or so. I have an ACL that looks at the
> local part of recipients and if that local part is being used it denies the
> message (even null sender) with a message stating there is no such user and
> it's an address currently being joe-jobbed. I see the same ips repeatedly
> attempting a bounce for days.
> I decided to do a search for the address in question and found several honey
> pots listing dictionary attacks by several Ips and when I look at the info I
> see things like sender : Anna <info at mydomain.com>, and of course a bunch of
> other addresses that are, I am sure, fake as well.
> Since this has gotten to the point of thousands of attempted bounces a day I
> added an call to ExiBlock today that will add the addresses to the firewall
> for 2 days, but I started thinking who actually bounces mail, or for that
> matter accepts mail for users that are not their own?
> What really pisses me off is the fact that we sign all our mail and we have
> SPF records that hard fail any host not actually used for sending mail for
> our domains. So you hear people say the don't check SPF, it's useless and
> then I get hammered by back scatter for weeks because they didn't even
> bother to check the freaking SPF record.
If I can't reject at the SMTP phase, I just bitbucket them. The only thing I
may bounce is rejected content messages. Most spam has invalid sender info, so
you are just flooding the system with more junk.
If you have an edge system doing your initial scanning, it needs someway of
knowing valid addresses and rejecting, not bouncing.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090402/eaff04c9/signature.bin
More information about the MailScanner