|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: virtual_alias_maps: rewriting outbound
From: mouss (usebsd
free.fr)
Date: Sun Jul 02 2006 - 15:51:03 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Chris McKeever wrote:
> I must be missing something from A->C. I just read the above
> mentioned thread.
>
> 1) If a user doesnt exist, you want to notify the sender of this -
> correct??
>
_his_ MTA will notify him. your role is to reject the message so that
his MTA knows the address is not valid. don't get toooo collaborative.
everybody keeps his cows and we'll get good milk...
> 2) If a spammer sends as someone else to a non-existant user on your
> system (barirng IP block or sender verification), you will inevitably
> send a message to the spoofed sender based on 1)
>
Assuming the spammer is using a honest ISP mail relay, then when you
reject the transaction at smtp level, that ISP will have this failure in
his logs. Assuming the ISP is not too dumb, he will then detect that the
"source" generates too much errors and will be able to find the offender.
If you bounce, the ISP notices nothing (it's the opposite: he will thing
the spammer is a good guy....), and the joe jobed guy will hate you.
If the spammer sends directly to you, then he can do whatever he wants.
> 3) If the server setup rejects mail that isnt destined for a 'relay'
> or local domain, then that stops that component of mail from coming in
>
??
> 4) IF the last piece of the virtual expansion is a LDAP lookup which
> only returns valid users, since anything that is performed (aka
> rewritten) prior to that will recursively get to the LDAP lookup
> doesnt that handle all recipient validation (assuming I understand 1
> above correctly)
>
As said before (see Magnus mail). alias expansion and recipient
validation are different things. alias expansion (the actual
rewrite/forwarding) is recursive. recipient validation is not.
> like I said, maybe I am missing a bridging piece here ..
>
> possibly if someone could show a what the backscatter spam attempt
> would do in terms of
> email path that would help.
>
Spammer send mail with sender=moussnetoyen.net to an some
guessedyourdomain.example.
[CASE 1] you queue the message, then bounce it. I then get a bounce from
your server telling me that "guessedyourdomain.example" does not exist.
How do you think I'll feel?
[CASE 2] you reject the message (at smtp level). then you're not
responsible.
Whether another MTA bounces the message or not is not your problem. But
you'll say: what is the difference? The answer is: That MTA's admin have
more chances to identify the original offender than you.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]