 | Start a set with this search |
 | Include this search in one of my sets |
 | Exclude this search from one of my sets |
 | Permalink to these results Paste this link in email or IM: |
 | Atom feed for tracking future search results Paste this URL into your reader: |
9 messages in net.sourceforge.lists.courier-maildropRe: OT: Spam bounces (was: Re: [maild...| From | Sent On | Attachments |
|---|---|---|
| Christian Lerrahn | Jun 13, 2005 7:48 am | |
| Sam Varshavchik | Jun 13, 2005 8:13 am | |
| Casey Allen Shobe | Jun 16, 2005 3:39 pm | |
| Sam Varshavchik | Jun 16, 2005 4:23 pm | |
| mouss | Jun 16, 2005 4:50 pm | |
| Casey Allen Shobe | Jun 17, 2005 1:14 am | |
| Jure Koren | Jun 17, 2005 1:28 am | |
| Tony Earnshaw | Jun 17, 2005 2:41 am | |
| Sam Varshavchik | Jun 17, 2005 6:56 am |
| Permalink for this message Paste this link in email or IM: |
| Permalink for this thread Paste this link in email or IM: |
| Atom feed for this thread Paste this URL into your reader: |
| Subject: | Re: OT: Spam bounces (was: Re: [maildropl] Bounce email in .mailfilter) | Actions... |
|---|---|---|
| From: | Jure Koren (ju...@aufbix.org) | |
| Date: | Jun 17, 2005 1:28:45 am | |
| List: | net.sourceforge.lists.courier-maildrop | |
On Friday 17 June 2005 10:14, Casey Allen Shobe wrote:
And how do you propose to do that when you have a backup MX which accepts messages but has no concept of what the user accounts are like the primary MX that it forwards all mail to does?
By making your backup MX aware of all the valid recipients for all the domains you are accepting on that MX. This is usually done with LDAP, so that you can have a local replica that is always up to date (minus network outages, which are rare enough these days that this goes within the 0.01% downtime you're likely going to have anyway).
I use postfix, which has a very nice option called relay_recipient_maps that does just this. It makes a lot of sense to do this on _every_ of your secondary MX servers. It also makes greylisting worthwile, and it eliminates more than 90% of all spam and virii before they even hit the av/spam filters.
B) You are subject to be blacklisted, for abuse. I have already blacklisted several thousands misconfigured mail servers who have been spewing spam bounces at me. If I didn't, last week I would've had almost six hundred turds in my mailbox to flush away.
We've been running a mail server for 200+ domains since 1999, and we are not on any blacklists.
You can't really tell. You're likely not on any public blacklists, but that doesn't mean that somebody didn't blacklist you when they got enough of your bounces to their MX, because spammer used their domain when forging source addresses.
I propose that your mail server should comply with the minimum security standards expected from all modern Internet mail servers, and refuse to accept unwanted mail, instead of accepting it, and bouncing to a forged return address.
Haha. My mail server is a standard qmail+vpopmail installation. I seriously doubt there are any "security" weaknesses in it.
Doubting the security of a system is the first step towards securing it. Making sure you don't accept mail for nonexistent local users is very polite towards the internet, but of course it potentially reveals valid local recipients' addresses throught dictionary attacks. The choice is yours, but I strongly urge you to consider the internet-friendly option. That way, the spam problem is likely going to be reduced instead of aggravated. Most of bigger systems do this because the huge amount of junk they could have sent as bounces would have been disastrous for smaller systems.
-- Jure Koren, n.i.