Windows Server Forum / IIS / SMTP/NNTP / October 2008


basic questions

Dave - 04 Oct 2008 23:26 GMT
I haven't been paying too much attention to my SMTP service until
recently... I have started to see lots of apparent probes with random user
names at my domain. These, I assume, send out a failure message for an
unknown user. Is it possible, or even advisable, to not send a bounce
message? Or would that make the spammers think there really was a mailbox
by that name and they would keep sending?? I hate to be the source of
bounce messages if the from address is forged; is there a better way to
prevent this?? Maybe enable rDNS lookup of incoming messages?
Sanford Whiteman - 05 Oct 2008 01:38 GMT
> I haven't been paying too much attention to my SMTP service until
> recently... I have started to see lots of apparent probes with
> random user names at my domain. These, I assume, send out a failure
> message for an unknown user.

That means that you are a backscatterer, and this can itself get you
blacklisted in some quarters.

It's frankly unacceptable in 2008 to run a mailserver that accepts
mail for unknown recipients. This might have been okay through the
early 2000s, but it is a worst practice today. So never mind what to
do with the resultant bounce; you need to reject during the initial
SMTP convo so that there is no bounce whatsoever.

What version of IIS are you running?

--Sandy

------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
------------------------------------
Dave - 05 Oct 2008 12:01 GMT
>> I haven't been paying too much attention to my SMTP service until
>> recently... I have started to see lots of apparent probes with
[quoted text clipped - 11 lines]
>
> What version of IIS are you running?

This is on Server 2003 Standard with SP2.
Dave - 05 Oct 2008 12:31 GMT
>> I haven't been paying too much attention to my SMTP service until
>> recently... I have started to see lots of apparent probes with
[quoted text clipped - 11 lines]
>
> What version of IIS are you running?

It may not be quite as bad as I first thought. I saw lots of mail in the
Badmail directory, but comparing that to outgoing connections in the SMTP
log shows only a few of them actually generated bounce messages. It looks
like I am getting bounces because my domain is being used as the sender; am
I right that the IIS SMTP service is smart enough not to generate a bounce when
it receives a bounce like that??

Note that I set this server up just to receive my mail. I don't use it for
outgoing mail at all because it's on a DSL line (with static IP), but many
recipients reject it anyway. I have some regular incoming emails that are
rather large and I don't want the ISP mail server to back up with them, so I
just have them forwarded direct to my server instead; this works just fine.
I do have relaying set up to only pass addresses on my LAN, so I'm pretty
sure it's not relaying anything, at least.
Sanford Whiteman - 05 Oct 2008 20:12 GMT
> It may not be quite as bad as I first thought. I saw lots of mail
> in the
> Badmail directory, but comparing that to outgoing connections in the SMTP
> log shows only a few of them actually generated bounce messages.

Badmail records double-bounces: messages whose recipient was
nonexistent or otherwise undeliverable, AND whose sender was
nonexistent or otherwise undeliverable. Since a bounce message was not
successfully accepted for delivery, the message content is archived.

So you are greatly underestimating the problem if based solely on the
# of messages in Badmail. Backscatter consists of both _successfully
transmitted_ bounces from your server in response to incoming spam
(bounces successfully accepted for users whose address was spoofed to
send spam), and _attempted_ bounces that were not accepted for
whatever reason (when the sender address+domain was completely
randomized and nonexistent, when the domain existed but not the full
address, or when the sender address was legit but the sender's MX
heuristically detected that your bounce was backscatter and rejected
it at the envelope). The latter case will end up in Badmail. The
former will not, by definition.

> it
> looks
[quoted text clipped - 3 lines]
> when
> it receives a bounce like that??

I think you're confusing two different sides of the battle. Incoming
bounces don't result in additional bounces generated by your server.

Spammers may use your domain as the sender, which results in you being
the _victim_ of backscatter.

Or spammers may use another domain as the sender and send to unknown
users at your domain; if you accept these messages and bounce them
afterward (instead of rejecting them at the envelope), then you are
the _creator_ of backscatter -- the victim being the impersonated
sender domain.

> Note that I set this server up just to receive my mail. I don't use it
> for
> outgoing mail at all because it's on a DSL line (with static IP), but many
> recipients reject it anyway.

This sentence really doesn't add up. If you "don't use it for outgoing
mail at all", then who are the "recipients" who "reject it anyway"?

> I have some regular incoming emails that
> are
[quoted text clipped - 4 lines]
> I do have relaying set up to only pass addresses on my LAN, so I'm pretty
> sure it's not relaying anything, at least.

I agree that you are not relaying. But plenty of damage can be wreaked
without relaying.

--Sandy

------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
------------------------------------
Dave - 05 Oct 2008 22:17 GMT
>> It  may  not be quite as bad as i first thought, i saw lots of mail
>> in the
[quoted text clipped - 65 lines]
> Cypress Integrated Systems, Inc.
> ------------------------------------

OK, so what can I do to prevent whatever is bogus from bothering other
servers? I don't care if my server looks like a black hole for junk mail
coming in, but how do I do that with Server 2003?
Sanford Whiteman - 06 Oct 2008 01:06 GMT
> OK, so what can I do to prevent whatever is bogus from bothering other
> servers? I don't care if my server looks like a black hole for junk mail
> coming in, but how do I do that with Server 2003?

If by "whatever is bogus" you mean "whatever was addressed to unknown
recipients", then you can write a quite simple SMTP event sink
VBScript to just delete anything that wasn't addressed to valid
recipients on your mailbox server. You could export and store the
valid recipient list in a text file and have the event sink read the
list from there.

However, you must note that in using this method, you definitively
prevent legit senders who simply _mistyped_ the recipient address from
getting any notification. In most companies, that is unacceptable; you
may have the kind of special case in which that's fine.

--Sandy

------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
------------------------------------
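Below is an added example of the event sink Sandy describes: an IIS SMTP OnArrival VBScript sink that reads a valid-recipient list from a text file and aborts delivery of any message whose envelope recipients are not all on that list. It is not code from the thread or from Microsoft. Assumptions: the list lives at C:\smtpsink\recipients.txt (hypothetical path, one lowercase address per line, "#" for comments), and the policy is "drop the whole message if any envelope recipient is unknown". Note that OnArrival fires after the service has already accepted the message, so this prevents the bounce (and the backscatter) but is not the envelope-time rejection Sandy recommended earlier in the thread, which the stock IIS SMTP service cannot do on its own.

```vbscript
<SCRIPT LANGUAGE="VBScript">
' Added example sink (not from the thread): discard mail to unknown recipients
' without generating an NDR. Assumed path and policy are noted in the lead-in.

' CDO constants are not resolvable by name inside the scripting host,
' so they are declared here with their type-library values.
Const cdoRunNextSink        = 0
Const cdoSkipRemainingSinks = 1
Const cdoStatAbortDelivery  = 2   ' stop delivery; the service sends no bounce

Const ForReading = 1
Const RECIPIENT_FILE = "C:\smtpsink\recipients.txt"   ' hypothetical path

' Load the valid recipient list into a Dictionary keyed by lowercase address.
' Re-read on every message so an updated file takes effect without restarts.
Function LoadRecipients(path)
    Dim fso, ts, line, dict
    Set dict = CreateObject("Scripting.Dictionary")
    Set fso = CreateObject("Scripting.FileSystemObject")
    If fso.FileExists(path) Then
        Set ts = fso.OpenTextFile(path, ForReading)
        Do Until ts.AtEndOfStream
            line = LCase(Trim(ts.ReadLine))
            If Len(line) > 0 And Left(line, 1) <> "#" Then
                dict(line) = True
            End If
        Loop
        ts.Close
    End If
    Set LoadRecipients = dict
End Function

' The envelope recipient list is a string such as
' "SMTP:dave@example.com;SMTP:bogus@example.com;" (constructed sample).
' Returns True only if every listed address is in the valid set.
Function AllRecipientsValid(recipientList, valid)
    Dim entry, addr
    AllRecipientsValid = True
    For Each entry In Split(recipientList, ";")
        addr = LCase(Trim(entry))
        If Len(addr) > 0 Then
            If Left(addr, 5) = "smtp:" Then addr = Mid(addr, 6)
            If Not valid.Exists(addr) Then
                AllRecipientsValid = False
                Exit Function
            End If
        End If
    Next
End Function

Sub ISMTPOnArrival_OnArrival(ByVal Msg, EventStatus)
    Dim valid, flds, rcpts
    Set valid = LoadRecipients(RECIPIENT_FILE)
    Set flds = Msg.EnvelopeFields
    rcpts = flds("http://schemas.microsoft.com/cdo/smtpenvelope/recipientlist")

    If AllRecipientsValid(rcpts, valid) Then
        ' Known recipients only: let delivery proceed normally.
        EventStatus = cdoRunNextSink
    Else
        ' Unknown recipient: abort delivery so nothing is delivered and no
        ' bounce goes back to the (possibly forged) envelope sender.
        flds("http://schemas.microsoft.com/cdo/smtpenvelope/messagestatus") = cdoStatAbortDelivery
        flds.Update
        EventStatus = cdoSkipRemainingSinks
    End If
End Sub
</SCRIPT>
```

Save the script (for example as C:\smtpsink\sink.vbs) and register it with the Platform SDK's smtpreg.vbs: `cscript smtpreg.vbs /add 1 onarrival SMTPScriptingHost CDO.SS_SMTPOnArrivalSink "mail from=*"` and then `cscript smtpreg.vbs /setprop 1 onarrival SMTPScriptingHost Sink ScriptName "C:\smtpsink\sink.vbs"`, where `1` is the virtual server instance. Aborted messages leave no trace in Badmail, so if you want to see what is being dropped, log the sender and recipient list to a file inside the Else branch before setting the status. If a single message mixes one valid and one unknown recipient, this policy discards it entirely; if that is too strict for your setup, the alternative is to rewrite the recipientlist field to contain only the valid addresses instead of aborting.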