OT: extraordinary amount of spam to one domain
Steve Freegard
steve.freegard at fsl.com
Wed Dec 23 00:40:11 GMT 2009
On 22/12/09 20:40, Jeff Mills wrote:
> No they don't exist, but I'm not doing recipient checking because the server is not on the same site as exchange and don't want to increase traffic by recipient checking 50 odd domains.
> At my old job, I used to pull the addresses from active directory into a recipient file for postfix. That worked very well, but that was on the same site.
Everyone should do recipient checking if they are running a gateway
(e.g. the mail is being relayed to a mailbox server) otherwise you can
easily become source of backscatter.
To prove a point - I just telnetted to one of your MXes and sent a MAIL
FROM: a domain that I own (but I could have picked any domain) with a
RCPT TO: a random string @ your domain.
Attached is what I got back.
Imagine if instead I deliberately used MAIL FROM:'s that I knew were
valid addresses with a spam payload in the body....
Now imagine what your server is doing with that new domain you are
telling us about that is really hammering your server. As you're not
doing recipient verification - it's sending thousands of DSNs to
innocent users for any stuff that slips through where the MAIL FROM: is
forged and the recipient does not exist at the destination...
This is why recipient verification isn't optional. It's required if you
want to be a good SMTP netizen and avoid getting listed on certain
blacklists (e.g. backscatterer.org) because you've been used to send spam.
Not having the gateway on the same site as the mailbox server isn't a
problem - Postfix can store verification results in a cache file to
prevent lookups to the same address. I've frequently set-up hosts that
do verification to domains all over the planet - it's not a problem.
See
http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:reject_non_existent_users#using_smtp_recipient_verification
for the simple instructions on how to set it up.
Kind regards,
Steve.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20091223/78d5531d/AttachedMessagePart.html
More information about the MailScanner
mailing list