Bernd Prünster writes:
On 21/08/13 12:52, Sam Varshavchik wrote: > They typically don't handle it, until someone uses them as a mailbomb > proxy source, they get blacklisted, and then they'll figure out what > they want to do. So basically it is by design that Courier does not issue DSNs to external email addresses? Can I configure courier to use SPF and decide based on that if a DSN request should be honoured?
You can try removing the ESMTP_BLOCKBACKSCATTER setting from the courierd configuration file. Used to be, by default, that DSNs were delivered. Times have changed.
My university for example is blacklisted on a regular basis because of successful phishing attacks that lead to abusing the mail gate for spamming. They do however issue DSNs when requested so it does not seem to be a problem for them. Now that I think of it, I cant remember that my DSN request was ever ignored. Just being curious here...
It's not a very well known attack vector. But it does exist, and for the few victims, it's not fun.
pgpvD15kJhj6Q.pgp
Description: PGP signature
------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
_______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
