[Mimedefang] Re: common practice
Kelson Vibber
kelson at speed.net
Fri Dec 5 15:10:07 EST 2003
At 10:39 AM 12/5/2003, Jeremy Mates wrote:
>No, the forged sender will usually receive some form of delivery status
>notification message from the mail server you issue the action_bounce
>to.

Well, technically, *you* don't have to worry about generating it... :-)
And it's only an issue for relayed spam. If it's direct-to-smtp or using a
trojan/virus-infected machine, chances are the reject will simply be
ignored instead of generating a bounce.

>I see them in my logs all the time, and have had to lock off the
>usual service accounts due to 'ftp at sial.org' and similar being forged
>and filling up /var/mail behind my back.

We've had to do the same thing, but for incoming spam sent to accounts like
ftp, adm, bin, games, and so on. Actually, we route them to a spamtrap
that gets periodically checked and reported to Razor, Pyzor and sa-learn.
We've seen bounces from spam forging our domain name - lots of them,
actually - but they're mostly using random addresses like
sdaf876a at speed.net. Thankfully, we haven't seen any large-scale forging of
real accounts. Not yet anyway.

Kelson Vibber
SpeedGate Communications <www.speed.net>