OT: extraordinary amount of spam to one domain
Jethro R Binks
jethro.binks at strath.ac.uk
Wed Dec 23 09:04:34 GMT 2009
On Wed, 23 Dec 2009, Steve Freegard wrote:
> Everyone should do recipient checking if they are running a gateway
> (e.g. the mail is being relayed to a mailbox server) otherwise you can
> easily become source of backscatter.
Yes, they *should*.
> This is why recipient verification isn't optional. It's required if you
> want to be a good SMTP netizen and avoid getting listed on certain
> blacklists (e.g. backscatterer.org) because you've been used to send
But, some people cannot do it, in various circumstances. For example, in
my case, I have several independently-operated departmental servers, for
which my servers act as the MX. I do not have their recipient lists, but
I can do call-outs to those servers at the time I am being offered the
message to see if they would accept it ("callforward verification" as some
might call it). Mostly that's OK, but unfortunately, I know at least one
of those is an ancient qmail instance which will happily accept anything
offered to it and later bounce, and at least several others are (or maybe
were) older Exchange instances which couldn't or wouldn't reject at SMTP
So, for those, I don't have much choice but to accept the message, then
let the internal server accept-then-bounce. I do what I can to mitigate
the effects of this, but it will always be far from perfect, and I do not
have the power to do very much about it, much as I would like to.
Other solutions may involve the gateway holding a copy of the recipient
list for a remote server, or the gateway performing database or LDAP
lookups at SMTP-time to determine if an address is likely deliverable.
However, there are probably several reasons why some gateways cannot do
any of those things. Sad, but true.
. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK
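
The call-out ("callforward verification") described in the message above, as an added example that is not part of the original post or of MailScanner: the gateway asks the backend about the recipient using a null sender, then probes a random address to detect a backend that accepts everything, as the qmail instance mentioned does. The function names, the decision labels and the canary address format are assumptions of this example.

```python
import smtplib
import uuid


def rcpt_probe(host, rcpt, port=25, timeout=10):
    """Ask the backend whether it would accept rcpt; return the RCPT reply code."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo_or_helo_if_needed()
        s.mail("")              # null sender <>, so the probe itself cannot bounce
        code, _ = s.rcpt(rcpt)
        s.rset()                # abandon the transaction, no DATA is ever sent
        return code


def gateway_decision(host, rcpt, probe=rcpt_probe):
    """Decide what the MX should answer to RCPT TO for a relayed domain.

    Returns one of (labels are this example's own):
      "reject"            - backend said 5xx; refuse now, no bounce is generated
      "defer"             - backend unreachable or 4xx; answer 4xx, sender retries
      "accept"            - backend accepts this address and refuses unknown ones
      "accept-unverified" - backend did not refuse a random address, so the
                            call-out proves nothing and a later bounce is possible
    """
    domain = rcpt.rsplit("@", 1)[1]
    try:
        code = probe(host, rcpt)
        if 500 <= code < 600:
            return "reject"
        if not 200 <= code < 300:
            return "defer"
        # Canary: an address that cannot exist. A backend that does real
        # recipient checking must answer 5xx here.
        canary = "no-such-user-%s@%s" % (uuid.uuid4().hex, domain)
        canary_code = probe(host, canary)
    except (OSError, smtplib.SMTPException):
        return "defer"
    return "accept" if 500 <= canary_code < 600 else "accept-unverified"
```

In practice the canary result would be cached per backend rather than probed for every message, and "accept-unverified" backends are the ones that need the other mitigations the message lists (a copy of the recipient list, or a database or LDAP lookup at SMTP time).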