Posted to users@spamassassin.apache.org by Aaron Boyles <Bo...@ITC.GOV> on 2005/12/22 03:09:00 UTC

RE: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound familiar to anyone?)

Uh oh... I might be a guilty party here.  What do you mean by "bounce after
accepting?"  With my own app, it receives the E-Mail, gets as far as the
DATA command, does a quick overview of the E-Mail, and if it's considered
spam, it returns a 550 - User Doesn't Exist instead of a 250 - Okay.

Is that what you mean?

-Aaron


-----Original Message-----
From: Rick Macdougall [mailto:rickm@ummm-beer.com] 
Sent: Wednesday, December 21, 2005 6:24 PM
To: users@spamassassin.apache.org
Subject: Re: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound
familiar to anyone?)


Matt Kettler wrote:
> Realistically, most spam I get seems to be using addresses that are 
> already in the spammer's database of "valid" email addresses. While I 
> see a lot of viruses using dictionary based MAIL FROM addresses, I see 
> very little spam doing this.
> 
> So I don't think this really changes much about spam, aside from 
> perhaps encouraging spammers to clean their lists.

My system would disagree with you for the last 3 days :)

We've been under a constant bounce bombardment of bounced spams (from 
f*cking idiot admins who can't understand that you do not bounce after 
accepting, sorry for the language) where the majority of user names are 
roger[a-z][a-z]@example.com (where roger is any valid name).

We had one advance MX server that usually ran 32 connections out of 120 
and now we've had to bring on 3 additional servers all running 300 
connections and we've had to turn off SA processing because the incoming 
load is just too high.

I'd really like to take a bat to the knees of the spammer doing this AND 
the mail admins who bounce after accepting.

Just my $0.02

Rick



Re: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound familiar to anyone?)

Posted by Rick Macdougall <ri...@ummm-beer.com>.
Shane Williams wrote:
> On Wed, 21 Dec 2005, Rick Macdougall wrote:
> 
>> What I mean is servers that 250 OK an email message, then later on try 
>> to resend the message to a forged sender because ...  user is over quota
> 
> Now I'm confused.  Are you saying that running sendmail with procmail
> as the LDA is a Bad Thing?  As I understand it, it does exactly what
> you're describing when a user is over quota (but I admit my
> understanding might be flawed).  Either way, do you have
> recommendations on how to get sendmail to check quota before accepting
> mail?  Some milter, perhaps?  (I did a little googling but haven't
> come up with anything yet)
> 

Good question.  I moved away from / am moving away from sendmail for a 
variety of reasons and that is one of them.  I found adding a -t switch 
to the procmail delivery made it retry instead of bouncing but then you 
end up getting those 4 hour retry messages bouncing back.

IMHO, bouncing an over quota email is not a good thing but it is less of 
a bad thing than bouncing unknown users.

Rick

Re: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound familiar to anyone?)

Posted by Shane Williams <sh...@shanew.net>.
On Wed, 21 Dec 2005, Rick Macdougall wrote:

> What I mean is servers that 250 OK an email message, then later on try to 
> resend the message to a forged sender because ...  user is 
> over quota

Now I'm confused.  Are you saying that running sendmail with procmail
as the LDA is a Bad Thing?  As I understand it, it does exactly what
you're describing when a user is over quota (but I admit my
understanding might be flawed).  Either way, do you have
recommendations on how to get sendmail to check quota before accepting
mail?  Some milter, perhaps?  (I did a little googling but haven't
come up with anything yet)

-- 
Public key #7BBC68D9 at            |                 Shane Williams
http://pgp.mit.edu/                |      System Admin - UT iSchool
=----------------------------------+-------------------------------
All syllogisms contain three lines |              shanew@shanew.net
Therefore this is not a syllogism  | www.ischool.utexas.edu/~shanew

Re: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound familiar to anyone?)

Posted by Rick Macdougall <ri...@ummm-beer.com>.
Aaron Boyles wrote:
> Uh oh... I might be a guilty party here.  What do you mean by "bounce after
> accepting?"  With my own app, it receives the E-Mail, gets as far as the
> DATA command, does a quick overview of the E-Mail, and if it's considered
> spam, it returns a 550 - User Doesn't Exist instead of a 250 - Okay.
> 
> Is that what you mean?

No,

A 55x reject is a reject, not a bounce.

What I mean is servers that 250 OK an email message, then later on try 
to resend the message to a forged sender because user does not exist or 
user is over quota or (my favorite, you get black listed for this) you 
sent a message that was considered spam or a virus bounce.

If you 55x, you never accepted the email.

Regards,

Rick




Re: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound familiar to anyone?)

Posted by "Jim C. Nasby" <de...@decibel.org>.
BTW, a friend of mine wrote a little perl script to keep a secondary MX
aware of what usernames are valid for a domain, which prevents the
secondary from accidentally accepting email for invalid users. The info
is at http://slacker.com/~nugget/postfixrelaymaps.php.
-- 
Jim C. Nasby, Database Architect                decibel@decibel.org 
Give your computer some brain candy! www.distributed.net Team #1828

Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"

Re: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound familiar to anyone?)

Posted by Jim Maul <jm...@elih.org>.
Matt Kettler wrote:
> Aaron Boyles wrote:
>> Uh oh... I might be a guilty party here.  What do you mean by "bounce after
>> accepting?"  With my own app, it receives the E-Mail, gets as far as the
>> DATA command, does a quick overview of the E-Mail, and if it's considered
>> spam, it returns a 550 - User Doesn't Exist instead of a 250 - Okay.
>>
>> Is that what you mean?
> 
> No.. bounce after accept means to not validate the recipient until after the
> whole SMTP session is done.
> 
> ie: a server set up to queue and forward all mail for a domain to an internal
> server without any checks of the recipient at all. Later the internal server
> rejects the mail because the user doesn't exist, resulting in a post-delivery
> bounce message being generated.
> 
> Most servers of this sort also self-flood with double-bounce messages.
> 
> 

ie: any standard qmail install.

-Jim

Re: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound familiar to anyone?)

Posted by Matt Kettler <mk...@evi-inc.com>.
Aaron Boyles wrote:
> Uh oh... I might be a guilty party here.  What do you mean by "bounce after
> accepting?"  With my own app, it receives the E-Mail, gets as far as the
> DATA command, does a quick overview of the E-Mail, and if it's considered
> spam, it returns a 550 - User Doesn't Exist instead of a 250 - Okay.
> 
> Is that what you mean?

No.. bounce after accept means to not validate the recipient until after the
whole SMTP session is done.

ie: a server set up to queue and forward all mail for a domain to an internal
server without any checks of the recipient at all. Later the internal server
rejects the mail because the user doesn't exist, resulting in a post-delivery
bounce message being generated.

Most servers of this sort also self-flood with double-bounce messages.
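
An added illustration, not part of any post in this thread: a small Python simulation of the distinction drawn above between a 55x reject during the SMTP session and a bounce generated after a 250. The recipient table, addresses and function names are constructed for the example, and the DATA phase is collapsed into a single reply.

```python
# Added illustration: addresses and the recipient table are constructed.
VALID = {"roger@example.com"}

def smtp_session(commands, validate_rcpt, content_ok=lambda body: True):
    """Run one envelope through a front-line MX (DATA here stands for the
    whole DATA phase, i.e. the reply given after the final '.').
    Returns (replies, queued); queued holds the (sender, rcpt) pairs the MX
    took responsibility for by answering 250."""
    sender, rcpts, replies, queued = None, [], [], []
    for verb, arg in commands:
        if verb == "MAIL":
            sender, rcpts = arg, []
            replies.append("250 OK")
        elif verb == "RCPT":
            if validate_rcpt and arg.lower() not in VALID:
                replies.append("550 5.1.1 User unknown")  # reject, nothing accepted
            else:
                rcpts.append(arg)
                replies.append("250 OK")
        elif verb == "DATA":
            if not rcpts:
                replies.append("554 5.5.1 No valid recipients")
            elif not content_ok(arg):
                replies.append("550 5.7.1 Message refused")  # still a reject
            else:
                queued += [(sender, r) for r in rcpts]
                replies.append("250 OK queued")
    return replies, queued

def internal_delivery(queued):
    """Internal server behind the MX: mail already accepted upstream for an
    unknown user becomes a bounce to the envelope sender, which spam forges."""
    return [{"bounce_to": s, "failed_rcpt": r}
            for s, r in queued if r.lower() not in VALID]

# Constructed spam envelope: forged sender, dictionary-style recipient.
SPAM = [("MAIL", "rogerxq@victim.example"),
        ("RCPT", "nosuchuser@example.com"),
        ("DATA", "buy now")]

def run(validate_rcpt):
    replies, queued = smtp_session(SPAM, validate_rcpt)
    return replies, internal_delivery(queued)

if __name__ == "__main__":
    for mode in (True, False):
        print("validate_rcpt =", mode, run(mode))
```

With recipient validation the sending client gets the 550 in-session and no bounce is ever created; without it, the forged sender receives a bounce for mail it never sent.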