Security Incidents mailing list archives
Re: Run a mail host with a public MX record? Seeing large numbers of bounces?
From: Richie B. <richie () NO-SPAM-HERE com>
Date: Fri, 14 Sep 2001 04:50:04 -0400 (EDT)
Andrew van der Stock wrote:
The scenario is this: SpamInjector talks with the victim mail host. The victim mail host will accept the mail, but there's a problem. The response from the victim box causes spam to the spam recipient, but of course the victim host's fingerprints are all over it.
I see what you are saying. Nasty scenario to prevent.
Anyone else seeing this? We've been tossing around mechanisms to stop it, but all the alternatives break compliance with the RFC, and will certainly cause mail lists to be far less useful.
I haven't seen it myself, but most mailinglists use this feature to remove non-existing addresses from their subscribers list. If you want to make this abuse of your mailserver totally useless, make sure that the bounce only includes the appropriate headers, and not the body of the original message. This way it will be quite hard for the spammers to get their full message accross. -- Richie ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Run a mail host with a public MX record? Seeing large numbers of bounces? Andrew van der Stock (Sep 13)
- Re: Run a mail host with a public MX record? Seeing large numbers of bounces? Richie B . (Sep 14)
- Re: Run a mail host with a public MX record? Seeing large numbers of bounces? Sean Hunter (Sep 14)
- Re: Run a mail host with a public MX record? Seeing large numbers of bounces? Sean Hunter (Sep 15)
- Workaround for (RE: Run a mail host with a public MX record? Seeing large numbers of bounces?) Andrew van der Stock (Sep 16)
- Re: Run a mail host with a public MX record? Seeing large numbers of bounces? Sean Hunter (Sep 15)