OT: extraordinary amount of spam to one domain

Steve Freegard steve.freegard at fsl.com
Wed Dec 23 10:05:35 GMT 2009


On 23/12/09 09:04, Jethro R Binks wrote:
> I know at least one
> of those is an ancient qmail instance which will happily accept anything
> offered to it and later bounce, and at least several others are (or maybe
> were) older Exchange instances which couldn't or wouldn't reject at SMTP
> time.

Patches and plug-ins have been available for Qmail for ages to deal with 
this (I know this because I fixed this for a customer a while back - 
it's relatively straightforward).

Exchange 5.5 and Exchange 2000 are the worst culprits; you have to do an 
export and use manual maps for these or do online LDAP queries to them.

> So, for those, I don't have much choice but to accept the message, then
> let the internal server accept-then-bounce.  I do what I can to mitigate
> the effects of this, but it will always be far from perfect, and I do not
> have the power to do very much about it, much as I would like to.

Accept-then-bounce is a slightly different problem to what I showed 
originally; in my original mail - the remote server *was* rejecting 
invalid recipients at RCPT TO: time and therefore causing the gateway to 
generate the DSN.

Accept-then-bounce means the mailbox server generates the DSN and not the 
gateway.  The choice here for a gateway operator is not to allow hosts 
such as these to relay their outbound mail (and thus the DSNs) via the 
gateway and choose to deliver them directly to the internet.

This prevents the gateway from being listed as a backscatter or spam 
source and affecting all the other domains handled by that gateway (e.g. 
one domain 'peeing-in-the-pool' so to speak..) as the mailbox server IP 
will be the one that will get blacklisted if attacked. It's also another 
good reason to have separate machines handling inbound and outbound mail.

> However, there are probably several reasons why some gateways cannot do
> any of those things.  Sad, but true.

Sure - but I usually find that once the gateway has been used as a spam 
reflector these reasons magically disappear.  That's both sad and true.

For those that charge for providing e-mail services, I recommend that a 
premium is charged for handling domains that do not reject invalid 
recipients or that use 'catch-all' accounts as they cause considerable 
overheads when compared to other domains.  That's usually another good 
incentive to either get this fixed or a workaround put in place.

Cheers,
Steve.
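
Added example, not part of the original post or of MailScanner: a sketch of the "export and use manual maps" approach mentioned above, where the gateway answers RCPT TO from an exported address list so that invalid recipients are rejected at SMTP time instead of producing a DSN later. The map format, the function names and every address and domain are constructed for illustration.

```python
# Constructed sample export: one address per line, '#' starts a comment,
# a bare '@domain' line marks a catch-all domain that cannot be validated.
EXPORTED_MAP = """\
# export from the internal mailbox server (constructed sample)
alice@example.org
Bob.Smith@example.org
@catchall.example.net
"""

def load_recipient_map(text):
    """Return (valid addresses, catch-all domains), all lower-cased."""
    users, catchall = set(), set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        if not line:
            continue
        if line.startswith("@"):
            catchall.add(line[1:])
        elif line.count("@") == 1:
            users.add(line)
    return users, catchall

def rcpt_decision(rcpt, users, catchall, relay_domains):
    """Return the (code, text) reply the gateway gives to RCPT TO:<rcpt>."""
    addr = rcpt.strip().strip("<>").lower()
    local, sep, domain = addr.rpartition("@")
    if not sep or not local:
        return 501, "bad recipient address syntax"
    if domain not in relay_domains:
        return 554, "relay access denied"
    if domain in catchall:
        # Everything is accepted, so the gateway cannot filter by recipient.
        return 250, "ok (catch-all domain, cannot validate)"
    mapped_domains = {u.rpartition("@")[2] for u in users}
    if domain not in mapped_domains:
        # No export for this domain: the backend decides later, so any
        # bounce is generated after acceptance (backscatter risk).
        return 250, "ok (no map for domain, backscatter risk)"
    if addr in users:
        return 250, "ok"
    # Rejecting here makes the sending host responsible for the failure,
    # so the gateway never generates a DSN to a forged sender.
    return 550, "user unknown"
```

The two 250 replies that carry a note are the domains the post suggests charging a premium for: the gateway has no way to refuse invalid recipients for them.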

