On Thursday 16 June 2005 23:23, Sam Varshavchik wrote:
> Bounces to forged return addresses are neither normal, nor reasonable.
> Only a small minority of mail servers behave in the manner that you think
> is normal.
> Believe it, or not.

We use a pretty standard installation of the second most popular mail server
in the world.

> If the accounts do not exist your mail server should refuse to accept the
> messages in the first place, instead of accepting them and bouncing them to
> a forged return address, which belongs to a victim of forged spam.

And how do you propose to do that when you have a backup MX which accepts
messages but has no concept of what the user accounts are like the primary MX
that it forwards all mail to does?

> B) You are subject to be blacklisted, for abuse. I have already
> blacklisted several thousand misconfigured mail servers who have been
> spewing spam bounces at me. If I didn't, last week I would've had almost
> six hundred turds in my mailbox to flush away.

We've been running a mail server for 200+ domains since 1999, and we are not
on any blacklists.

> I propose that your mail server should comply with the minimum security
> standards expected from all modern Internet mail servers, and refuse to
> accept unwanted mail, instead of accepting it, and bouncing to a forged
> return address.

Haha. My mail server is a standard qmail+vpopmail installation. I seriously
doubt there are any "security" weaknesses in it.

> But this has absolutely nothing to do with abusive backscatter
> bounce-mailbombs to forged return addresses. And you need to understand
> the difference between "normal and reasonable" bounces, and backscatter,
> which is subject to get you blacklisted, for abuse.

I'm pretty sure that you're confused in thinking that we're sending out these
malicious sorts of responses. But then what are all the bounce messages to
nonexistent addresses in our queue?

Cheers,
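
The two behaviours argued over in this thread, as an added example that is not part of the original message or of any mail server's code: a toy model comparing an MX that accepts every recipient and bounces later with one that rejects unknown recipients during the SMTP dialogue. The recipient list (assumed to be synced from the primary MX), the addresses and the envelopes are all constructed.

```python
# Toy model, not qmail/vpopmail code. All addresses below are constructed.

# Assumption: the backup MX holds a copy of the primary's valid recipients.
VALID_RCPTS = {"alice@example.org", "bob@example.org"}

# Constructed envelopes as (MAIL FROM, RCPT TO). Spam forges the sender.
ENVELOPES = [
    ("victim@forged.example", "nosuchuser@example.org"),
    ("victim@forged.example", "sales123@example.org"),
    ("carol@friend.example", "alice@example.org"),
    ("<>", "ghost@example.org"),  # null sender, itself a bounce
]


def accept_then_bounce(envelopes, valid):
    """MX answers 250 to every RCPT; unknown users are found after
    acceptance, so a bounce is mailed to the (possibly forged) sender."""
    delivered, bounces_sent_to = [], []
    for sender, rcpt in envelopes:
        if rcpt in valid:
            delivered.append(rcpt)
        elif sender != "<>":  # no bounce is generated for a null sender
            bounces_sent_to.append(sender)
    return delivered, bounces_sent_to


def reject_at_rcpt(envelopes, valid):
    """MX checks RCPT TO during the SMTP session and answers 550 for
    unknown users. Nothing is queued, so no bounce is ever generated;
    the connecting client is left holding the failure."""
    delivered, replies = [], []
    for _sender, rcpt in envelopes:
        code = 250 if rcpt in valid else 550
        replies.append((rcpt, code))
        if code == 250:
            delivered.append(rcpt)
    return delivered, replies


if __name__ == "__main__":
    _, backscatter = accept_then_bounce(ENVELOPES, VALID_RCPTS)
    print("accept-then-bounce mails bounces to:", backscatter)
    _, replies = reject_at_rcpt(ENVELOPES, VALID_RCPTS)
    print("reject-at-RCPT replies:", replies)
```
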