Rick Widmer schrieb:

Tom Collins wrote:


Please reconsider that recommendation. Perhaps some discussion on the list is in order...

Discussion is most welcome.  That's a major reason why I posted it.

With chkuser, is it possible to pull a joe-job?  The spammer connects
> directly to my SMTP server, but I reject it at the SMTP level instead
of  generating a bounce that I then try to deliver to the actual target
> (the forged sender of the message).

Good question. Anyone know off the top of their head how this works.

Joe-Job means, that someone is using your address as sender for a spam-mail (or 5 million spams). They aren't relayed through your server, so there's little you can do about that.
But you get the bounces...and there are lots.

SPF et.al is supposed to eliminate this, but it's a technology of the future (and always will be...).

I guess I should, as I use chkuser too. I'm thinking either delete or bounce should act the same and reject non-existent users. I know I can't forward mail to a catchall account and still reject non-existent users. This topic should probably be added to the file since it does affect how deliveries work on the server.

Setting a "catchall-delete" means, you've got to spam-check and clamav-check each of the thousand of spams and viruses that those bone-head spammers try to send to your non-existent accounts. Just imagine you've got a whopping 10k domains with this activated by default and get several hundret thousands of additional spams per day that you've got to process and then throw away.
A nightmare.
I'd even advocate an "R U Serious, dude?" popup, if someone wants to activate this setting in qmailadmin.

You might have mixed that up with some "discard double bounces patch".


Reply via email to