shane and rick,
thanks for your hints, will check it out soon.
Quoting Rick Macdougall <ri...@ummm-beer.com>:
yes i have two points why i dont use bounce-no-mailbox.
one is dictionary based spamming, meaning that if one
tries out hard enough, he will, by scanning with lots of
recipients, find out what valid user accounts exist on my
server. the other one is the problem called backscatter,
sending spam by bouncing back. although there seems to
be a patch in the wild for the latter.
however, if the patch you mention would deny the
communication, instead of reject the email, i would
certainly use it.
The patch in question rejects at the smtp communication level. It
does not cause backscatter. It's rejects the email with a 551 User
It does not stop the dictionary attack scenario but it can be set to
reject any email address after a configurable bad recipient limit
has been reached.
I'd recommend at least taking a look at everything it can do.
It can be found at http://www.interazioni.it/opensource/chkuser/ and
is incorporated into many qmail/vpopmail toaster scripts.