 | Start a set with this search |
 | Include this search in one of my sets |
 | Exclude this search from one of my sets |
 | Permalink to these results Paste this link in email or IM: |
 | Atom feed for tracking future search results Paste this URL into your reader: |
9 messages in net.sourceforge.lists.courier-maildropRe: OT: Spam bounces (was: Re: [maild...| From | Sent On | Attachments |
|---|---|---|
| Christian Lerrahn | Jun 13, 2005 7:48 am | |
| Sam Varshavchik | Jun 13, 2005 8:13 am | |
| Casey Allen Shobe | Jun 16, 2005 3:39 pm | |
| Sam Varshavchik | Jun 16, 2005 4:23 pm | |
| mouss | Jun 16, 2005 4:50 pm | |
| Casey Allen Shobe | Jun 17, 2005 1:14 am | |
| Jure Koren | Jun 17, 2005 1:28 am | |
| Tony Earnshaw | Jun 17, 2005 2:41 am | |
| Sam Varshavchik | Jun 17, 2005 6:56 am |
| Permalink for this message Paste this link in email or IM: |
| Permalink for this thread Paste this link in email or IM: |
| Atom feed for this thread Paste this URL into your reader: |
| Subject: | Re: OT: Spam bounces (was: Re: [maildropl] Bounce email in .mailfilter) | Actions... |
|---|---|---|
| From: | Sam Varshavchik (mrs...@courier-mta.com) | |
| Date: | Jun 17, 2005 6:56:54 am | |
| List: | net.sourceforge.lists.courier-maildrop | |
Casey Allen Shobe writes:
On Thursday 16 June 2005 23:23, Sam Varshavchik wrote:
Bounces to forged return addresses are neither normal, nor reasonable. Only a small minority of mail servers behave in the manner that you think is normal.
Believe it, or not.
We use a pretty standard installation of the second most popular mail server in the world.
Which has not been updated in almost a decade, and no longer meets the expected minimum security standards of modern mail servers.
If the accounts do not exist your mail server should refuse to accept the messages in the first place, instead of accepting them and bouncing them to a forged return address, which belongs to a victim of forged spam.
And how do you propose to do that when you have a backup MX which accepts messages but has no concept of what the user accounts are like the primary MX that it forwards all mail to does?
Either fix the backup MX so that it knows what the valid recipients are, or stop using the backup MX. A backup MX is no longer needed on today's Internet. Backup MXs might've been a sensible approach back when many hosts were not connected to the Internet 24x7. However, that was a different millenium.
In any case, the existence of a backup MX is not a valid excuse for mailbombing innocent victims of spam forgeries.
B) You are subject to be blacklisted, for abuse. I have already blacklisted several thousands misconfigured mail servers who have been spewing spam bounces at me. If I didn't, last week I would've had almost six hundred turds in my mailbox to flush away.
We've been running a mail server for 200+ domains since 1999, and we are not on any blacklists.
Just the luck of the draw. You will. It's only a matter of time. Send a forged bounce to the wrong address, and say good-night, Gracie.
I propose that your mail server should comply with the minimum security standards expected from all modern Internet mail servers, and refuse to accept unwanted mail, instead of accepting it, and bouncing to a forged return address.
Haha. My mail server is a standard qmail+vpopmail installation. I seriously doubt there are any "security" weaknesses in it.
Backscatter is considered a security hole on the contemporary Internet.
But this has absolutely nothing to do with abusive backscatter bounce-mailbombs to forged return addresses. And you need to understand the difference between "normal and reasonable" bounces, and backscatter, which is subject to get you blacklisted, for abuse.
I'm pretty sure that you're confused in thinking that we're sending out these malicious sorts of responses.
If you're running "standard Qmail+Vpopmail", you are.
But then whan are all the bounce messages to nonexistant addresses in our queue?
I didn't say "bounces TO nonexistent addresses".