[Mimedefang] protect against bounce back delivery

Malcolm Valentine mvals at tech2u.com.au
Tue Apr 6 22:58:11 EDT 2004


On Wed, 2004-04-07 at 02:29, Lucas Albers wrote:
> How could you use mimedefang to protect against this particular spam
> technique, of bounce-back delivery?
> I think I am understanding the attack technique correctly.
> 
> EMAIL attack could kill servers
> New Scientist - London,England,UK
> ... carefully constructed emails has been identified by a team of computer
> security experts. ... The exploit depends on finding a server configured
> to return an email ...
> <http://www.newscientist.com/news/news.jsp?id=ns99994858>

  The issue of dealing with an unwanted email flood is a DNoS issue.

  Identifying fake bounce messages could be handy for a number of things
though. If you add a header to outgoing email, that would help.

  a) Check if incoming email is a bounce message.
     (Is the Content-Type: report-type=delivery-status header reliable
enough for this? What about Return-Path?)
  b) Check if bounced message contains your header.

  c) Quarantine legitimate bounced attachments (why fill up someone's
mailbox with something they most likely have already?).

  Of course, if all your outgoing email doesn't pass through your mail
servers, you can't just reject bounce messages without your header.
Things could get ugly too if you incorrectly bounce a legitimate bounce
message ... smtp ping pong... 

Regards,
Malcolm V.
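
Checks a) and b) from the message above, as an added example that is not part of the original post and is standalone Python rather than a MIMEDefang filter. It assumes the outgoing header is an HMAC of the Message-ID under a site secret, so that a third party cannot forge it; the header name `X-Bounce-Token`, the key and the sample bounce are hypothetical and constructed for the example.

```python
import email
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # assumption: site secret known only to your outbound servers
TOKEN_HEADER = "X-Bounce-Token"    # hypothetical header name, not a MIMEDefang or RFC header

def token_for(message_id):
    """HMAC over the Message-ID, so the header cannot be guessed or forged."""
    return hmac.new(SECRET, str(message_id).strip().encode(), hashlib.sha256).hexdigest()

def sign_outgoing(raw):
    """Outbound side: add the token header (assumes Message-ID is already set)."""
    msg = email.message_from_string(raw)
    msg[TOKEN_HEADER] = token_for(msg["Message-ID"])
    return msg.as_string()

def is_bounce(msg, envelope_sender):
    """Step a): DSN content type, or the null envelope sender (Return-Path: <>)."""
    dsn = (msg.get_content_type() == "multipart/report"
           and str(msg.get_param("report-type", "")).lower() == "delivery-status")
    return dsn or envelope_sender.strip() in ("", "<>")

def embedded_originals(msg):  # the returned message, or only its headers
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822" and part.is_multipart():
            yield part.get_payload(0)
        elif ctype == "text/rfc822-headers":
            yield email.message_from_string(part.get_payload())

def classify(raw, envelope_sender):
    """Step b): return 'not-a-bounce', 'our-bounce' or 'foreign-bounce'."""
    msg = email.message_from_string(raw)
    if not is_bounce(msg, envelope_sender):
        return "not-a-bounce"
    for orig in embedded_originals(msg):
        mid, tok = orig.get("Message-ID"), orig.get(TOKEN_HEADER)
        if mid and tok and hmac.compare_digest(
                str(tok).strip().encode(), token_for(mid).encode()):
            return "our-bounce"
    return "foreign-bounce"

def make_dsn(original):  # constructed sample bounce in RFC 3464 layout
    head = ('From: MAILER-DAEMON@mx.example.net\nMIME-Version: 1.0\n'
            'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n\n')
    status = ('--b1\nContent-Type: message/delivery-status\n\n'
              'Reporting-MTA: dns; mx.example.net\n\nAction: failed\nStatus: 5.1.1\n\n')
    return head + status + '--b1\nContent-Type: message/rfc822\n\n' + original + '\n--b1--\n'
```

A `foreign-bounce` verdict is only safe to act on when every outgoing message was signed, which is the caveat the message raises about mail that does not pass through your own servers.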


