From: Noel Jones (njonesmegan.vbhcs.org)
Date: Thu Feb 07 2008 - 10:22:56 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On Thu, 7 Feb 2008, Alejandro Facultad wrote:
>> Noel, I want people from Internet that send messages to non existant
>> users from my domain they don't get an error code (550) but they must
>> get an 250 success code. They don't have to know which mail accounts
>> are valid or invalid, they must see ALL accounts as valid, because
>> nowadays there are a lot of intruders getting our mail accounts,
>> probing time after time via telnet port 25 and if they get code 250
>> they get a valid account. We want the intruders always get code 250 so
>> they can't discriminate between valid and invalid mail accounts.
>>
>> I work for a company with strong security policies for mail accounts.
>>

This was a common practice several years ago. Current best
practice suggests it's a very, very bad idea.

If you accept mail to all users, you must then either discard
or return a bounce for the undeliverable messages.

If you discard them, then legit senders that simply mistype a
name will never know their mail wasn't delivered, and the
intended recipient won't know they missed something possibly
important.

If you bounce them, your mail queue will be filled with
*millions* of undeliverable messages, slowing your system to a
crawl. And many of the messages are are delivered will go to
forged addresses, causing the innocent recipient to blacklist
your server.

... a very very bad idea.

--
Noel Jones

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]