Backscatter exists only if you first accept the email and then later
bounce it. By using bounce-no-mailbox, you tell the sending server
during the smtp conversation that you are not going to accept email for
that account as it does not exist, therefor you dont send backscatter,
the other server however might.
The chkusr patch is a very useful utility. You can configure how many
invalid recipients to allow before ignoring the remaining smtp
conversation. So if you set it to say 3, once the sending server gets 3
"no such user" hits, the rest of the addresses that are tried are
ignored as being over threshold and circumventing the dictionary attack
to a great extent. Deleting the spam, you are essentially saying that
every single address to every single domain exists on your server.
yes i have two points why i dont use bounce-no-mailbox.
one is dictionary based spamming, meaning that if one
tries out hard enough, he will, by scanning with lots of
recipients, find out what valid user accounts exist on my
server. the other one is the problem called backscatter,
sending spam by bouncing back. although there seems to
be a patch in the wild for the latter.
however, if the patch you mention would deny the
communication, instead of reject the email, i would
certainly use it.
Quoting Rick Macdougall <ri...@ummm-beer.com>:
i am using vpopmail 5.4.17 with cdb backend and i would like to know
if there are some real logging capabilities for it.
i have a rather big tool chain installed on the server around qmail
and i need to have an overview of what happens with all the e-mails.
this includes the path they took through that chain until they land
inside the users maildir, or the reason and location they got
now, using for example vdelivermail with the option delete, qmail
will log in either way that the delivery was successful, however,
for the overall statistics i get a wrong result, because delete
mail (wrong recipient) is not the same than a mail delivered to an
as far as i know vdelivermail does not log anything? any plans for
You should really have the chkuser qmail patch installed and use
bounce-no-mailbox instead of delete.
Is there a reason why you are using delete rather than rejecting
unknown users in the smtp conversation ?