[Mimedefang] Re: common practice
Jeremy Mates
jmates at sial.org
Fri Dec 5 13:39:57 EST 2003
* Kelson Vibber <kelson at speed.net>
> If you want to block all of them on the same criteria, I recommend
> just using action_bounce. This will send an SMTP reject code, so you
> don't have to worry about generating bounce messages to possibly fake
> senders - *and* if it's a false positive, the sender knows his mail
> didn't go through.
No, the forged sender will usually receive some form of delivery status
notification message from the mail server you issue the action_bounce
to. I see them in my logs all the time, and have had to lock off the
usual service accounts due to 'ftp at sial.org' and similar being forged
and filling up /var/mail behind my back.
Dec 5 10:34:21 <mail.notice> darkness sm-mta[5842]: hB5IYLDS005842: <faichney at sial.org>... User unknown
Dec 5 10:34:22 <mail.info> darkness sm-mta[5842]: hB5IYLDS005842: from=<>, size=3918, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=smtp1.clb.oleane.net [213.56.31.17]
Can we implement SMTP+SPF already?
More information about the MIMEDefang
mailing list