Subject: Re: [maildropl] Bounce email in .mailfilter
From: Sam Varshavchik (mrs@courier-mta.com)
Date: Jun 16, 2005 4:23:45 pm
List: net.sourceforge.lists.courier-maildrop

Casey Allen Shobe writes:

> On Monday 13 June 2005 15:11, Sam Varshavchik wrote:
>
>> 2) You should avoid bouncing mail after it's already accepted by your mail server. What you're doing might've been tolerable years ago, but on today's Internet, where an estimated 75% of all E-mail is spam with forged return addresses, sending backscatter bounces to forged return addresses -- especially in situations where they are easily preventable -- is considered abusive.
>
> I'm sorry, but what??? Bounce messages are a normal and reasonable part of the E-mail infrastructure,

Bounces to forged return addresses are neither normal, nor reasonable. Only a small minority of mail servers behave in the manner that you think is normal.

Believe it, or not.

> and are *not* considered abusive. We see lots of mail coming in to local accounts that don't exist, and then the server automatically sends out bounce messages.

If the accounts do not exist your mail server should refuse to accept the messages in the first place, instead of accepting them and bouncing them to a forged return address, which belongs to a victim of forged spam.

If you accept mail to nonexistent addresses and bounce them, then:

A) You are participating in a distributed mailbomb against victims of spam forgeries.

B) You are subject to be blacklisted, for abuse. I have already blacklisted several thousand misconfigured mail servers who have been spewing spam bounces at me. If I didn't, last week I would've had almost six hundred turds in my mailbox to flush away.

C) Your mail server will be used as a bandwidth amplifier for mailbombs. An attacker will send you a one-byte message, to a nonexistent mailbomb, with the return address set to a deliverable mailbomb target. Your broken mail server will obediently turn around and transmit a bounce that's several hundred (or more) characters long, thus your bandwidth gets hijacked to magnify the bandwidth of the mailbomb, by several hundred times.

How very gracious of you to contribute so much bandwidth to a mailbomb. Script kiddies everywhere thank you.

> These bounces all typically bounce themselves, and eventually disappear out of the queue. What would you propose instead?

I propose that your mail server should comply with the minimum security standards expected from all modern Internet mail servers, and refuse to accept unwanted mail, instead of accepting it, and bouncing to a forged return address.

> I certainly expect to receive a message if I accidentally typo an E-mail address,

Of course. When your mail server contacts the MX for the recipient's domain, the MX will reject the address with a 5xx error, and your mail server will assemble a properly-formatted bounce, and deliver it.

That is, indeed, a "normal and reasonable" bounce.

But this has absolutely nothing to do with abusive backscatter bounce-mailbombs to forged return addresses. And you need to understand the difference between "normal and reasonable" bounces, and backscatter, which is subject to get you blacklisted, for abuse.
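
Added example (not part of the original message, and not Courier or maildrop code): a small Python model of the two behaviours discussed in this thread, rejecting an unknown recipient with a 5xx reply at RCPT TO versus accepting the message and bouncing it later to the envelope sender. The mailbox table, addresses, reply texts and bounce wording are constructed samples, and the function names are hypothetical.

```python
# Added illustration. Mailboxes, addresses and message text are constructed samples.
LOCAL_MAILBOXES = {"alice@example.org", "bob@example.org"}

def rcpt_reject_unknown(rcpt):
    """Validate the recipient during the SMTP session (RCPT TO)."""
    if rcpt.lower() in LOCAL_MAILBOXES:
        return 250, "2.1.5 Ok"
    return 550, "5.1.1 User unknown"

def rcpt_accept_all(rcpt):
    """Misconfigured policy: accept any recipient, sort it out after DATA."""
    return 250, "2.1.5 Ok"

def build_bounce(mail_from, rcpt, body):
    """Non-delivery report generated after the message was already accepted."""
    return (
        "From: MAILER-DAEMON@example.org\r\n"
        f"To: {mail_from}\r\n"
        "Subject: Undelivered Mail Returned to Sender\r\n"
        "Auto-Submitted: auto-replied\r\n\r\n"
        f"Your message to <{rcpt}> could not be delivered: user unknown.\r\n"
        "The original message follows.\r\n\r\n"
        f"{body}\r\n"
    )

def handle_transaction(policy, mail_from, rcpt, body):
    """Return (rcpt_reply_code, bounces), bounces = [(destination, text)]."""
    code, _text = policy(rcpt)
    if code >= 500:
        # Refused in-session: we never took responsibility for the message,
        # so nothing is sent to the (possibly forged) envelope sender.
        return code, []
    if rcpt.lower() in LOCAL_MAILBOXES:
        return code, []                      # delivered locally
    if mail_from == "":
        return code, []                      # null sender: never bounce a bounce
    return code, [(mail_from, build_bounce(mail_from, rcpt, body))]

def amplification(bounces, body):
    """Bytes we emit toward third parties per byte the sender gave us."""
    return sum(len(text) for _dest, text in bounces) / max(len(body), 1)

if __name__ == "__main__":
    forged, missing, body = "victim@example.net", "nobody@example.org", "x"
    for policy in (rcpt_reject_unknown, rcpt_accept_all):
        code, bounces = handle_transaction(policy, forged, missing, body)
        print(policy.__name__, code, len(bounces), amplification(bounces, body))
```

With the reject policy the connecting client gets the 550 and its own mail server is responsible for telling the real sender; with the accept-all policy this server is the one that mails the address in the envelope sender, whoever that belongs to.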