d...@stean.ch wrote:
hello rick,

yes i have two points why i dont use bounce-no-mailbox.
one is dictionary based spamming, meaning that if one
tries out hard enough, he will, by scanning with lots of
recipients, find out what valid user accounts exist on my
server. the other one is the problem called backscatter,
sending spam by bouncing back. although there seems to
be a patch in the wild for the latter.

however, if the patch you mention would deny the
communication, instead of reject the email, i would
certainly use it.

The patch in question rejects at the smtp communication level. It does not cause backscatter. It's rejects the email with a 551 User unknown response.

It does not stop the dictionary attack scenario but it can be set to reject any email address after a configurable bad recipient limit has been reached.

I'd recommend at least taking a look at everything it can do.

It can be found at http://www.interazioni.it/opensource/chkuser/ and is incorporated into many qmail/vpopmail toaster scripts.




Reply via email to