Re: [LUG] email

 

I do not agree. There is a place for putting :BLACKHOLE: on the catchall of
a domain (other than for gauging volume of spam).

In the situation you describe ...

Spammer has sent email to user(s)@domain.com with fake return addresses
within yourdomain.com

Most individuals with their own mailservers (on DSL lines most likely) don't
run MXs; they use smart hosts or backup MXs with their ISP. Either way,
neither the smarthost nor the backup MX has any knowledge of whether an
email address at the domain exists.

So the bounce comes back from daemon@xxxxxxxxxx to fake(s)@yourdomain.com.
Smarthost tries to deliver this to your server and you respond "no such user",
so the smart host sends a response back to daemon@xxxxxxxxxx "no such user".
(Consider you could also have smart hosts at both ends ... Yuk).

So if a person is plagued with spam email or having their domain hijacked by
a spammer or dictionary attacked - how can this be better (and less resource
intensive) than sending an email to the bit bin if it's incorrectly
addressed?

I'm sorry but "best practices" are just that and there will always be
exceptions.

I've been following a customer's Exchange server overnight which was taken
offline by "no such user" responses. Yes, maybe they shouldn't be building
Exchange servers that cannot cope with thousands of "no such user" messages
-- but unfortunately there are loads of boxes out there just like this one.

Rant over ...

Best regards

Mick

E: mick@xxxxxxxxxxxx



> From: Simon Waters <simon@xxxxxxxxxxxxxx>
> Reply-To: <list@xxxxxxxxxxxxx>
> Date: Thu, 25 Jun 2009 12:38:31 +0100
> To: <list@xxxxxxxxxxxxx>
> Subject: Re: [LUG] email
> 
> Mick Vaites wrote:
>> Unfortunately if someone has run a dictionary attack on a domain the number
>> of unwanted responses to locations that don't exist is a pain for everyone -
>> so you cannot win either way.
> 
> No, if you do it James's way - we all win.
> 
> Which is why the best practice docs all recommend it.
> 
> The dictionary attacks aren't an issue in that case.
> 
> Where the spammer uses random addresses, and uses your domain, via a
> third party box, you'd only see bounces for genuine addresses at your
> domain. Marginally less resource intensive than feeding it to /dev/null ;)
> 
> If you have /dev/null in your email configuration anywhere, I regard it
> as a failure. Although I do have one domain I forward to /dev/null, it
> is only for the purposes of logging how much spam would have been
> delivered. Since there are no email addresses that work in that domain
> (except postmaster@ of course!) and it is unlikely to be a mistype of an
> existing domain name, I don't regard that domain as "email".
> 
> -- 
> The Mailing List for the Devon & Cornwall LUG
> http://mailman.dclug.org.uk/listinfo/list
> FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html


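The relay scenario argued over in this thread, as an added Python model that is not code from either poster: it counts the SMTP traffic produced when bounces for forged addresses arrive through a smarthost or backup MX. The mailbox names, the `remote.example` sender, the policy labels and the rule that a null envelope sender never receives a bounce are assumptions of the model.

```python
from dataclasses import dataclass

VALID_USERS = {"mick", "postmaster"}  # constructed sample mailboxes

@dataclass
class Tally:
    relay_accepted: int = 0      # messages the smarthost/backup MX took responsibility for
    final_hop_attempts: int = 0  # SMTP deliveries attempted against the real mail server
    relay_dsns: int = 0          # new "no such user" bounces the relay had to generate
    rejected_at_edge: int = 0    # refused during SMTP; the sending MTA keeps the problem

def deliver(recipients, envelope_sender, relay_knows_users, final_policy):
    """final_policy: 'reject' (5xx for unknown users) or 'blackhole' (accept, discard)."""
    t = Tally()
    for local_part in recipients:
        known = local_part in VALID_USERS
        if relay_knows_users and not known:
            t.rejected_at_edge += 1      # relay never accepts the message
            continue
        t.relay_accepted += 1
        t.final_hop_attempts += 1
        if known or final_policy == "blackhole":
            continue                     # delivered, or silently discarded
        # The final server said "no such user" after the relay had accepted,
        # so the relay must report failure to the envelope sender.
        if envelope_sender:              # "" models a null sender: no bounce sent
            t.relay_dsns += 1
    return t

# Constructed input: 1000 bounces to forged addresses plus one real mailbox.
FORGED = [f"fake{i}" for i in range(1000)] + ["mick"]

def compare(envelope_sender="daemon@remote.example"):
    return {
        "unaware relay + reject": deliver(FORGED, envelope_sender, False, "reject"),
        "unaware relay + blackhole": deliver(FORGED, envelope_sender, False, "blackhole"),
        "aware relay + reject": deliver(FORGED, envelope_sender, True, "reject"),
    }

if __name__ == "__main__":
    for name, tally in compare().items():
        print(f"{name:28} {tally}")
```
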