nanog mailing list archives

Re: Distributed Dictionary email slam


From: Jared Mauch <jared () puck nether net>
Date: Mon, 6 Sep 2004 12:24:02 -0400


On Sun, Sep 05, 2004 at 07:58:06PM -0400, Christopher X. Candreva wrote:

> On Sun, 5 Sep 2004, Matt Hess wrote:
>
> > source hosts.. Now being as we are a secondary mx I'm dropping their record
> > out of our email system as I write this, however, I am curious if others have
> > gone through or are currently going through something of this magnitude (12K
> > spam/dictionary msgs per hour destined to one domain and that's just what is
>
> You want to keep a list of valid accounts on the secondary so you can refuse
> mail for non-existing accounts on the secondary too.
>
> If you don't care about yourself -- realize that if, say, all of these mails
> have a return address forged from the same domain, you will be DOSing THAT
> site with the bounce messages.  This is enough for some people to block mail
> from you.

        does anyone have some pointers to a good (possibly radius+sendmail)
based approach for checking this?

        i'd like to have my backup mx host reject mail for non-existent
users/aliases as long as the primary is up, but if it's down, it should
accept them and queue, plus possibly cache misses for a period of time (24h?)

        - jared

-- 
Jared Mauch  | pgp key available via finger from jared () puck nether net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
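
Added example (not part of the original message and not any poster's code): a sketch of the backup-MX policy asked for above, which rejects unknown recipients while the primary answers, accepts and queues when it does not, and caches misses for 24 hours. It swaps in an SMTP RCPT probe against the primary for the RADIUS lookup mentioned; the host names, `probe_primary` and `BackupMxPolicy` are hypothetical, and it assumes cached misses are still rejected while the primary is unreachable.

```python
import smtplib
import time

MISS_TTL = 24 * 3600  # the "24h?" suggested in the message
PRIMARY = "mx1.example.net"  # placeholder host names (assumptions)
BACKUP = "mx2.example.net"


def probe_primary(rcpt):
    """True = primary accepts rcpt, False = permanent refusal, None = unknown."""
    try:
        with smtplib.SMTP(PRIMARY, 25, local_hostname=BACKUP, timeout=10) as s:
            s.helo()
            if s.mail("")[0] // 100 != 2:  # null sender, as a bounce would use
                return None
            code, _ = s.rcpt(rcpt)
    except (OSError, smtplib.SMTPException):
        return None  # primary down or unreachable
    if code // 100 == 2:
        return True
    return False if code // 100 == 5 else None  # 4xx is treated as "unknown"


class BackupMxPolicy:
    def __init__(self, probe=probe_primary, ttl=MISS_TTL, clock=time.time):
        self.probe, self.ttl, self.clock = probe, ttl, clock
        self.misses = {}  # recipient -> time at which the cached miss expires

    def decide(self, rcpt):
        """Return the reply the backup MX gives to RCPT TO:<rcpt>."""
        key = rcpt.lower()  # assumes mailbox names are case-insensitive
        now = self.clock()
        if self.misses.get(key, 0) > now:
            # Cached miss: refuse without contacting the primary again.
            return "550 5.1.1 User unknown"
        self.misses.pop(key, None)  # drop an expired entry, if any
        if self.probe(rcpt) is False:
            self.misses[key] = now + self.ttl
            return "550 5.1.1 User unknown"
        # Known user, or primary unreachable: accept and queue for delivery.
        return "250 2.1.5 Ok"
```

The probe is only meaningful if the primary itself refuses unknown users at RCPT time; a primary that accepts everything and bounces later will make every address look valid.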
