OT: extraordinary amount of spam to one domain

Steve Freegard steve.freegard at fsl.com
Wed Dec 23 00:40:11 GMT 2009

On 22/12/09 20:40, Jeff Mills wrote:
> No they don't exist, but I'm not doing recipient checking because the server is not on the same site as exchange and don't want to increase traffic by recipient checking 50 odd domains.
> At my old job, I used to pull the addresses from active directory into a recipient file for postfix. That worked very well, but that was on the same site.

Everyone should do recipient checking if they are running a gateway 
(e.g. the mail is being relayed to a mailbox server) otherwise you can 
easily become source of backscatter.

To prove a point - I just telnetted to one of your MXes and sent a MAIL 
FROM: a domain that I own (but I could have picked any domain) with a 
RCPT TO: a random string @ your domain.

Attached is what I got back.

Imagine if instead I deliberately used MAIL FROM:'s that I knew were 
valid addresses with a spam payload in the body....

Now imagine what your server is doing with that new domain you are 
telling us about that is really hammering your server.  As you're not 
doing recipient verification - it's sending thousands of DSNs to 
innocent users for any stuff that slips through where the MAIL FROM: is 
forged and the recipient does not exist at the destination...

This is why recipient verification isn't optional.  It's required if you 
want to be a good SMTP netizen and avoid getting listed on certain 
blacklists (e.g. backscatterer.org) because you've been used to send spam.

Not having the gateway on the same site as the mailbox server isn't a 
problem - Postfix can store verification results in a cache file to 
prevent lookups to the same address.  I've frequently set-up hosts that 
do verification to domains all over the planet - it's not a problem. 
for the simple instructions on how to set it up.

Kind regards,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20091223/78d5531d/AttachedMessagePart.html

More information about the MailScanner mailing list