I had assumed that most of these bounces would be standard bounce messages, thus it would be next to impossible to separate legitimate bounce messages from illegitimate bounces.
Given that most mail servers clip most or all of the original message, and replace the subject, how would you identify the illegitimate messages? Darin. ----- Original Message ----- From: "Len Conrad" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, April 09, 2004 1:05 PM Subject: Re: [IMail Forum] Are we vulnerable >I'm afraid there's not much you can do about this one. With one machine, no. These kinds of high-volume, widely sourced attacks, and spam in general reaching 70+% of all SMTP traffic, expose the irresolvable weakness of trying to defend against high-volume attacks with the mailbox server (and any add-in software that requires complete reception of every single message in order to reject) as the MX and as only line of defense. But with a separate machine as MX front-end, the bulk of these messages, coming from other mail servers bouncing to MXs, would be blocked by string matching on the subject: header, mime headers, and/or body. The mailbox server, and most of all, the users would not feel the effects of the attack. The mail admin staff could also relax and have fun watching the carnage. Len _____________________________________________________________________ http://MenAndMice.com/DNS-training : Atlanta; SFO; Denver; NYC http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
