I'm starting to think that this discussion is going nowhere.  If there are
thousands of bounced email messages, coming from all kinds of servers (and
hence all kinds of IP addresses) to your server, your server will either
have to process all those thousands of bounced email messages or find a way
to block the mass of bounced emails.  I'm guessing there is no way of doing
that unless you know ahead of time where those thousands of bounced email
messages are coming from - and many may be coming from perfectly legitimate
locations, so you might not want to block those addresses.  Am I way off
base here, because if so, the original message that explained this proposed
threat definitely wasn't written clearly enough (because this is the
understanding that I see when I read that article).

Scott Smith - IT Manager
Westside & Detroit Reprographics
248.489.1999 (Office)
248.467.0452 (Cell)
[EMAIL PROTECTED]

----- Original Message ----- 
From: "Travis Rabe" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, April 09, 2004 12:09 PM
Subject: RE: [IMail Forum] Are we vulnerable


> Not recommended, but you could block NULL senders, or better yet, the IP
> address at the Firewall level.
>
>
> Travis
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of Scott Smith
> > Sent: Friday, April 09, 2004 9:04 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [IMail Forum] Are we vulnerable
> >
> >
> > Okay, which is basically what I said (except that the original email
> > doesn't come to your server, but to another server).  The point being,
> > all the thousands of bounced messages still come to your server.  Isn't
> > that what the whole problem is?  How would you block all those thousands
> > of bounced messages from coming at your server?
> >
> > Scott Smith - IT Manager
> > Westside & Detroit Reprographics
> > 248.489.1999 (Office)
> > 248.467.0452 (Cell)
> > [EMAIL PROTECTED]
> >
> > ----- Original Message -----
> > From: "Darin Cox" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, April 08, 2004 11:35 PM
> > Subject: Re: [IMail Forum] Are we vulnerable
> >
> >
> > > Not quite...the situation is this
> > >
> > > - Email gets sent out from another source.
> > > - Email has a large number of cc and/or bcc addresses
> > > - Return address for the email is a forged address on your server
> > >
> > > Result: all of the bounces, flames, etc. come back to you (from each
> > > individual recipient/mail server) via the forged from address.
> > >
> > > So the threat is a single source email could result in a large number
> > > of emails targeted at a particular address.
> > >
> > > Darin.
> > >
> > >
> > > ----- Original Message -----
> > > From: "Scott Smith" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Thursday, April 08, 2004 11:01 PM
> > > Subject: Re: [IMail Forum] Are we vulnerable
> > >
> > >
> > > Okay, since I am relatively new to email administration, please help me
> > > clarify something.
> > >
> > > I read the original message of this thread as saying that someone could
> > > send a single email to your server, and in that email could be thousands
> > > of bad email addresses to cc the email message to.  So then all of a
> > > sudden your server would start receiving the same thousands of bounced
> > > email messages back to it (because the original message would somehow
> > > disguise it so that your server was implicated as the sender of all
> > > those bad messages).  Did I read that correctly?
> > >
> > > If that was the case, then wouldn't you have to find a way to block all
> > > of those thousands of "bounced" email messages hitting your server
> > > (which would probably be coming from thousands of IP addresses)?
> > >
> > > Please, correct me if I'm wrong - I'm really only a newbie...
> > >
> > > Scott Smith - IT Manager
> > > Westside & Detroit Reprographics
> > > 248.489.1999 (Office)
> > > 248.467.0452 (Cell)
> > > [EMAIL PROTECTED]
> > >
> > > ----- Original Message -----
> > > From: "Nick Hayer" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Thursday, April 08, 2004 6:26 PM
> > > Subject: Re: [IMail Forum] Are we vulnerable
> > >
> > >
> > > > On 8 Apr 2004 at 18:12, Scott Smith wrote:
> > > >
> > > > > Actually, if I'm not mistaken, it would be hundreds, or thousands, of
> > > > > IPs hammering you with unwanted email.
> > > > A daily occurrence...
> > > >
> > > > I believe Mark was referring to a single server doing a joe job hence
> > > > my comment of dynamically block an "IP"; for clarification -
> > > > dynamically block multiple IPs once a certain threshold over time of
> > > > unwanted emails arrives. Configurable X time and X amount.  If w/DJM
> > > > then by time and X weight.  The latter is kinda a 'blend' of DJM and
> > > > DHijack. [non-existent but would be neat]
> > > >
> > > > -Nick Hayer
> > > >
> > > >
> > > >
> > > > >
> > > > > Scott Smith - IT Manager
> > > > > Westside & Detroit Reprographics
> > > > > 248.489.1999 (Office)
> > > > > 248.467.0452 (Cell)
> > > > > [EMAIL PROTECTED]
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Nick Hayer" <[EMAIL PROTECTED]>
> > > > > To: <[EMAIL PROTECTED]>
> > > > > Sent: Thursday, April 08, 2004 5:59 PM
> > > > > Subject: Re: [IMail Forum] Are we vulnerable
> > > > >
> > > > >
> > > > > > On 8 Apr 2004 at 16:46, Mark wrote:
> > > > > >
> > > > > > > This is a disturbing story.  How can we configure our servers to
> > > > > > > prevent this?
> > > > > >
> > > > > > Turning off the NOBODY alias would be helpful right off. I do not
> > > > > > know a way to dynamically block an IP that hammers you with unwanted
> > > > > > mail but that would be a nice feature..
> > > > > >
> > > > > > -Nick Hayer
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > > Mark
> > > > > > >
> > > > > > >
> > > > > > > It is easy even your granny could do it
> > > > > > >
> > > > > > > By <mailto:[EMAIL PROTECTED]> INQUIRER staff: Thursday 08 April
> > > > > > > 2004, 07:49
> > > > > > >
> > > > > > > EXPERTS IN "computer security" have worked out a simple way to
> > > > > > > knock out any email server.
> > > > > > >
> > > > > > > A team at NGS Software said that the trick involves sending forged
> > > > > > > emails that contain thousands of incorrect addresses in the "copy
> > > > > > > to" fields.
> > > > > > >
> > > > > > > When this package is sent, huge quantities of unwanted email will
> > > > > > > be sent to another mail server.
> > > > > > >
> > > > > > > All it takes is finding a server configured to return an email
> > > > > > > with attachments to each incorrect address. Next you have to forge
> > > > > > > an email so it appears to come from the mail server that is to be
> > > > > > > the target.
> > > > > > >
> > > > > > > When the forged email, complete with the thousands of incorrect
> > > > > > > addresses is sent, an avalanche of "bounced" messages sent to the
> > > > > > > target server causes it to crash.
> > > > > > >
> > > > > > > According to New Scientist, with one little 10K email, hackers
> > > > > > > could then send 100MB back to a server.
> > > > > > >
> > > > > > > A third of the email servers of all Fortune 500 companies are, it
> > > > > > > appears, open to this kind of attack. If the hacker used an
> > > > > > > insecure email server the attack would be virtually untraceable.
> > > > > > > Oh great.
> > > > > > >
> > > > > > >
> > > > > > > ---
> > > > > > > [This E-mail scanned for viruses courtesy of Netslyder,
> > > > > > > Inc.(http://www.netslyder.net)]
> > > > > > >
> > > > > > >
> > > > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> > > > > > > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > > > > > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > To Unsubscribe:
http://www.ipswitch.com/support/mailing-lists.html
> > > > > > List Archive:
> > > > > > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > > > > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
> > > > > >
> > > > >
> > > > >
> > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> > > > > List Archive:
> > > > >
> > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge
> > > > > Base/FAQ: http://www.ipswitch.com/support/IMail/
> > > > >
> > > >
> > > >
> > > >
> > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> > > > List Archive:
> > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
> > > >
> > >
> > >
> > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> > > List Archive:
> > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
> > >
> > >
> > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> > > List Archive:
> > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
> > >
> >
> >
> > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> > List Archive:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
> >
>
>
> To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
>


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Reply via email to
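
Added example, not part of the original thread: a sketch of the threshold-over-time idea Nick describes, run over constructed SMTP envelope records. It shows why Scott's objection holds: a per-IP counter catches a single flooding host but not bounces spread across many servers, while a per-recipient counter of null-sender mail still sees the flood. The record fields, limits and addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque


def over_threshold(events, key, limit, window):
    """Return the values of `key` seen more than `limit` times in `window` seconds."""
    recent = defaultdict(deque)  # key value -> timestamps still inside the window
    flagged = set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = recent[ev[key]]
        q.append(ev["ts"])
        # Drop timestamps that have aged out of the sliding window.
        while q and q[0] <= ev["ts"] - window:
            q.popleft()
        if len(q) > limit:
            flagged.add(ev[key])
    return flagged


def bounces(events):
    """Bounce messages carry the null envelope sender (MAIL FROM:<>)."""
    return [e for e in events if e["mail_from"] == ""]


def report(events, limit=50, window=300):
    """Apply the same 'X amount in X time' rule per source IP and per recipient."""
    b = bounces(events)
    return {
        "ips_to_block": over_threshold(b, "ip", limit, window),
        "flooded_rcpts": over_threshold(b, "rcpt", limit, window),
    }


# Constructed sample 1: one host delivers 200 bounces in 200 seconds.
SINGLE_SOURCE = [
    {"ts": t, "ip": "192.0.2.10", "mail_from": "", "rcpt": "victim@example.com"}
    for t in range(200)
]

# Constructed sample 2: 200 different servers each deliver one bounce.
DISTRIBUTED = [
    {"ts": t, "ip": f"198.51.100.{t + 1}", "mail_from": "",
     "rcpt": "victim@example.com"}
    for t in range(200)
]

if __name__ == "__main__":
    print("single source:", report(SINGLE_SOURCE))
    print("distributed:  ", report(DISTRIBUTED))
```

In the distributed case no source IP crosses the limit, so the only usable signal is the volume of null-sender mail arriving for one recipient.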