Posted to users@spamassassin.apache.org by Aaron Boyles <Bo...@ITC.GOV> on 2005/12/22 03:09:00 UTC
RE: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound familiar to anyone?)
Uh oh... I might be a guilty party here. What do you mean by "bounce after
accepting?" With my own app, it receives the E-Mail, gets as far as the
DATA command, does a quick overview of the E-Mail, and if it's considered
spam, it returns a 550 - User Doesn't Exist instead of a 250 - Okay.
Is that what you mean?
-Aaron
-----Original Message-----
From: Rick Macdougall [mailto:rickm@ummm-beer.com]
Sent: Wednesday, December 21, 2005 6:24 PM
To: users@spamassassin.apache.org
Subject: Re: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound
familiar to anyone?)
Matt Kettler wrote:
> Realistically, most spam I get seems to be using addresses that are
> already in the spammer's database of "valid" email addresses. While I
> see a lot of viruses using dictionary based MAIL FROM addresses, I see
> very little spam doing this.
>
> So I don't think this really changes much about spam, aside from
> perhaps encouraging spammers to clean their lists.
My system would disagree with you for the last 3 days :)
We've been under a constant bounce bombardment of bounced spams (from
f*cking idiot admins who can't understand that you do not bounce after
accepting, sorry for the language) where the majority of user names are
roger[a-z][a-z]@example.com (where roger is any valid name).
We had one advance MX server that usually ran 32 connections out of 120
and now we've had to bring on 3 additional servers all running 300
connections and we've had to turn off SA processing because the incoming
load is just too high.
I'd really like to take a bat to the knees of the spammer doing this AND
the mail admins who bounce after accepting.
Just my $0.02
Rick
Re: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound familiar to anyone?)
Posted by Rick Macdougall <ri...@ummm-beer.com>.
Shane Williams wrote:
> On Wed, 21 Dec 2005, Rick Macdougall wrote:
>
>> What I mean is servers that 250 OK an email message, then later on try
>> to resend the message to a forged sender because ... user is over quota
>
> Now I'm confused. Are you saying that running sendmail with procmail
> as the LDA is a Bad Thing? As I understand it, it does exactly what
> you're describing when a user is over quota (but I admit my
> understanding might be flawed). Either way, do you have
> recommendations on how to get sendmail to check quota before accepting
> mail? Some milter, perhaps? (I did a little googling but haven't
> come up with anything yet)
>
Good question. I moved away from / am moving away from sendmail for a
variety of reasons and that is one of them. I found adding a -t switch
to the procmail delivery made it retry instead of bouncing but then you
end up getting those 4 hour retry messages bouncing back.
IMHO, bouncing an over quota email is not a good thing but it is less of
a bad thing than bouncing unknown users.
Rick
Re: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound familiar to anyone?)
Posted by Shane Williams <sh...@shanew.net>.
On Wed, 21 Dec 2005, Rick Macdougall wrote:
> What I mean is servers that 250 OK an email message, then later on try to
> resend the message to a forged sender because ... user is
> over quota
Now I'm confused. Are you saying that running sendmail with procmail
as the LDA is a Bad Thing? As I understand it, it does exactly what
you're describing when a user is over quota (but I admit my
understanding might be flawed). Either way, do you have
recommendations on how to get sendmail to check quota before accepting
mail? Some milter, perhaps? (I did a little googling but haven't
come up with anything yet)
--
Public key #7BBC68D9 at | Shane Williams
http://pgp.mit.edu/ | System Admin - UT iSchool
=----------------------------------+-------------------------------
All syllogisms contain three lines | shanew@shanew.net
Therefore this is not a syllogism | www.ischool.utexas.edu/~shanew
Re: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound familiar to anyone?)
Posted by Rick Macdougall <ri...@ummm-beer.com>.
Aaron Boyles wrote:
> Uh oh... I might be a guilty party here. What do you mean by "bounce after
> accepting?" With my own app, it receives the E-Mail, gets as far as the
> DATA command, does a quick overview of the E-Mail, and if it's considered
> spam, it returns a 550 - User Doesn't Exist instead of a 250 - Okay.
>
> Is that what you mean?
No,
A 55x reject is a reject, not a bounce.
What I mean is servers that 250 OK an email message, then later on try
to resend the message to a forged sender because user does not exist or
user is over quota or (my favorite, you get black listed for this) you
sent a message that was considered spam or a virus bounce.
If you 55x, you never accepted the email.
Regards,
Rick
Re: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound familiar to anyone?)
Posted by "Jim C. Nasby" <de...@decibel.org>.
BTW, a friend of mine wrote a little perl script to keep a secondary MX
aware of what usernames are valid for a domain, which prevents the
secondary from accidentally accepting email for invalid users. The info
is at http://slacker.com/~nugget/postfixrelaymaps.php.
--
Jim C. Nasby, Database Architect decibel@decibel.org
Give your computer some brain candy! www.distributed.net Team #1828
Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"
Re: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound familiar to anyone?)
Posted by Jim Maul <jm...@elih.org>.
Matt Kettler wrote:
> Aaron Boyles wrote:
>> Uh oh... I might be a guilty party here. What do you mean by "bounce after
>> accepting?" With my own app, it receives the E-Mail, gets as far as the
>> DATA command, does a quick overview of the E-Mail, and if it's considered
>> spam, it returns a 550 - User Doesn't Exist instead of a 250 - Okay.
>>
>> Is that what you mean?
>
> No.. bounce after accept means to not validate the recipient until after the
> whole SMTP session is done.
>
> ie: a server set up to queue and forward all mail for a domain to an internal
> server without any checks of the recipient at all. Later the internal server
> rejects the mail because the user doesn't exist, resulting in a post-delivery
> bounce message being generated.
>
> Most servers of this sort also self-flood with double-bounce messages.
>
>
ie: any standard qmail install.
-Jim
Re: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound familiar to anyone?)
Posted by Matt Kettler <mk...@evi-inc.com>.
Aaron Boyles wrote:
> Uh oh... I might be a guilty party here. What do you mean by "bounce after
> accepting?" With my own app, it receives the E-Mail, gets as far as the
> DATA command, does a quick overview of the E-Mail, and if it's considered
> spam, it returns a 550 - User Doesn't Exist instead of a 250 - Okay.
>
> Is that what you mean?
No.. bounce after accept means to not validate the recipient until after the
whole SMTP session is done.
ie: a server set up to queue and forward all mail for a domain to an internal
server without any checks of the recipient at all. Later the internal server
rejects the mail because the user doesn't exist, resulting in a post-delivery
bounce message being generated.
Most servers of this sort also self-flood with double-bounce messages.
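
Added example (not part of the thread or any poster's code): a small Python model of the two front-end MX behaviours discussed above, a relay that queues everything for the domain and bounces later versus one that holds a valid-recipient map and answers 550 at RCPT TO. All function names, addresses and sessions are constructed for illustration.

```python
# Constructed data: mailboxes that really exist on the internal server.
INTERNAL_USERS = {"roger@example.com", "alice@example.com"}


def rcpt_reply(rcpt, recipient_map):
    """SMTP reply the front-end MX gives to RCPT TO.

    recipient_map=None models a relay that queues all mail for the
    domain without checking the recipient.
    """
    if recipient_map is None or rcpt.lower() in recipient_map:
        return "250 2.1.5 Ok"
    return "550 5.1.1 User unknown"


def run_front_end(sessions, recipient_map):
    """Return (replies, backscatter) for a list of (mail_from, rcpt) pairs.

    backscatter lists the envelope senders this site would mail a bounce
    to after having answered 250; in spam those senders are forged.
    """
    replies, backscatter = [], []
    for mail_from, rcpt in sessions:
        reply = rcpt_reply(rcpt, recipient_map)
        replies.append(reply)
        accepted = reply.startswith("250")
        if accepted and rcpt.lower() not in INTERNAL_USERS:
            # The internal server refuses the mailbox later. Having said
            # 250, the relay can only report that by generating a bounce.
            if mail_from:  # an empty MAIL FROM (<>) is never bounced to
                backscatter.append(mail_from)
    return replies, backscatter


# Constructed sessions: forged senders, mostly nonexistent recipients.
SESSIONS = [
    ("rogerab@victim.example", "nosuchuser@example.com"),
    ("rogercd@victim.example", "sales99@example.com"),
    ("bob@sender.example", "alice@example.com"),
    ("", "ghost@example.com"),
]


def compare():
    """Run both policies over the same sessions."""
    _, queue_all_bounces = run_front_end(SESSIONS, None)
    replies, mapped_bounces = run_front_end(SESSIONS, INTERNAL_USERS)
    return queue_all_bounces, replies, mapped_bounces
```

With the recipient map in place the failure is reported inside the SMTP session, so the connecting client owns it and no message is generated toward the forged sender.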