Hi,

Last weekend I had an example of this happen to one of my backup mail servers.
When I noticed the problem there were 27,000 NDR type messages it was 
trying to deliver.
Mostly all were sent to random [EMAIL PROTECTED] and the mail server 
was diligently trying to send NDRs to every single one of them - 
most likely to faked or spoofed addresses.
I could actually sit and watch more junk flooding in, they appeared 
to be coming from many compromised hosts so blocking the IPs didn't 
really help.

So it would be very useful if Xmail at least had an option so that it 
does not send all the bounced email messages.
I realise this may not conform to the RFCs and I realise that not 
many people may use it, but it would still be very helpful if the 
mail-admin found that NDR messages were getting out of hand.
One or two legitimate senders may not know that their mail was not 
delivered, but when compared to the type of flood described here it's 
a small price to pay.

Regards,
Wolfy


At 11:56 PM 3/10/2007, you wrote:
>
>Hello All...
>
>Recently a SPAMer started sending eMails to the server using a dictionary
>for eMail addresses like [EMAIL PROTECTED], [EMAIL PROTECTED], etc. Then the
>eMail Servers tries to send an eMail message back to the sender indicating
>the eMail was NOT delivered because of a bad eMail address.
>
>So I've set NoSenderBounce to 1. By changing this setting will this stop
>this behavior?
>
>Next, I still need SenderBounce enabled for certain eMail accounts. I was
>wondering why we don't push
>down a lot of these configuration options to the domain level like
>SmarterMail does? If a lot of folks using
>xMail are ISP / ASP then this would make sense to have management control at
>the domain level.
>
>I don't know if you guys have seen this but the SPAMers are now using your
>eMail Server, if eMail bounce back
>Messages are on, to effectively SYN Flood someone. The way this works is
>they get hold of some domain then
>point that domain's A to an IP that does NOT have an eMail Server associated
>with it. Typically, these domains
>don't have MX records.
>
>Then, they send a slow drip of eMails to the same domain, the effect is the
>eMail Server tries to deliver the
>bounce back to the sender over and over again. Each time the bounce back is
>attempted a TCP connection
>is attempted and of course a SYN is generated first.
>
>Now, imagine, that you have several 100 eMails in the message queue, all the
>time, all trying to connect to that
>same IP at various intervals based upon the time they were received.
>
>And now you get a SYN Flood.
>
>How do we solve this? Can you simply ONLY send eMails to domains that have
>MX records? I know this
>probably violates an RFC, however, what else can we do until someone decides
>to fix the larger SPAM issue.
>
>
>Thanks,
>Hal Dell
>Managing Partner
>Willow Grove, PA
>
>
>-
>To unsubscribe from this list: send the line "unsubscribe xmail" in
>the body of a message to [EMAIL PROTECTED]
>For general help: send the line "help" in the body of a message to
>[EMAIL PROTECTED]
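
The two mitigations raised in this thread (not bouncing to sender domains that publish no MX record, and limiting how many NDRs pile up for one destination), as an added example that is not XMail code or configuration. The queue entries, the MX table and the names `bounce_policy` and `MAX_PENDING_PER_DOMAIN` are constructed for illustration; a real deployment would query DNS instead of a table.

```python
from collections import Counter

MAX_PENDING_PER_DOMAIN = 3  # hypothetical cap on NDRs queued for one domain

# Constructed table standing in for DNS MX lookups (True = domain has an MX).
HAS_MX = {"example.org": True, "victim.example": False, "partner.example": True}

# Constructed queue snapshot: (message id, envelope sender of the rejected mail).
QUEUE = [
    ("m1", "alice@example.org"),
    ("m2", "x1@victim.example"),   # forged sender, domain has only an A record
    ("m3", "x2@victim.example"),
    ("m4", ""),                    # null sender: the rejected mail was itself a bounce
    ("m5", "a@partner.example"),
    ("m6", "b@partner.example"),
    ("m7", "c@partner.example"),
    ("m8", "d@partner.example"),   # fourth NDR for the same domain
]

def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()

def bounce_policy(queue, has_mx, cap=MAX_PENDING_PER_DOMAIN):
    """Map each message id to 'send', 'drop-null-sender', 'drop-no-mx' or 'drop-over-cap'."""
    pending = Counter()
    decisions = {}
    for msg_id, sender in queue:
        if not sender:
            decisions[msg_id] = "drop-null-sender"
            continue
        domain = domain_of(sender)
        if not has_mx.get(domain, False):  # unknown domains are treated as having no MX
            decisions[msg_id] = "drop-no-mx"
            continue
        pending[domain] += 1
        decisions[msg_id] = "send" if pending[domain] <= cap else "drop-over-cap"
    return decisions

def summarize(decisions):
    return dict(Counter(decisions.values()))

if __name__ == "__main__":
    result = bounce_policy(QUEUE, HAS_MX)
    for msg_id, decision in result.items():
        print(msg_id, decision)
    print(summarize(result))
```

The no-MX rule also drops bounces to legitimate domains that receive mail on their A record alone, which is the trade-off both posters accept above.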

