Re: [Declude.JunkMail] Imail nul

[Matt]

Someone recently experienced a situation where a spammer distributed a list of nonexistent addresses and totally hammered a domain with them.  It seems that not all spammers care about the purity of their data and an accepted message may get that address on their list, even if you accepted thousands of them.  If this wasn't the case, your point would make more sense, and I had contemplated this myself. I don't use nobody aliases now, I just let the messages bounce back, and this way legitimate senders will get their E-mails returned when unaddressable.  In the future there will likely be a method of detecting and stopping a dictionary attack, but for smaller domains, these attacks seem limited to only a list of a few hundred or thousand generic addresses. Matt Joe Wolf wrote: Sandy, I'm not going to claim to be an email server expert, but here's what I see... I could be wrong. When you're hit with a dictionary attack we all know they send to thousands of addresses at the domain. If the final delivery address is invalid the server creates an "Unknown User" (or whatever it's called) message that it tries to send back to the sender. If you have high queue retires those messages sit in the queue for a long time being retried over and over again. At least that's what appears to be happening to me. Now if I sent all those attempts to NUL then the server doesn't have to worry about all the unknown user messages, etc. and the queue will actually be open to valid traffic. I don't know if Imail will actually queue a message going to NUL or not. I've also noticed that on a couple of domains where the customer has a nobody alias the dictionary attacks cut off pretty quick. They don't attempt to go through the entire alphabet like they do on a domain without a nobody alias. I'm guessing that they don't want to waste their time either on a domain that will accept anything for an address? Like I said... I could be 100% wrong on this entire matter, but it seems reasonable. I'm open to the knowledge of those that know a whole lot more than I do. -Joe ----- Original Message ----- From: "Sanford Whiteman" <[EMAIL PROTECTED]> To: "Bennie" <[EMAIL PROTECTED]> Sent: Thursday, February 26, 2004 10:51 AM Subject: Re: [Declude.JunkMail] Imail nul all mail that was not sent to a valid user name will be passed to the alias "nobody". Which will resolve to "test". As the mail arrives in "test" it is deleted. Do you think that it's helping your server's performance to spool mail that will never be delivered to a human? The 'nobody' alias is the enemy of server integrity and performance. Please search the archives--they're down now--for lots of info. --Sandy ------------------------------------ Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================