[Gllug] ping

Ryan Cartwright ryan at crimperman.org
Wed Feb 8 22:58:25 UTC 2006


Nix wrote:
> On Wed, 08 Feb 2006, Ryan Cartwright stipulated:
> 
>>So they phoned me to complain that I was sending their client viruses
>>that were actually legitimate bounces, albeit as a result of a spoofed
>>sender.
> 
> 
> No mail server on the modern Internet should generate bounces for
> unroutable mail. (I'd hope the MessageLabs guy told you as much.)

I perhaps should have explained that I am aware of this, hence the 
solution I applied as below. The setup that the above occurred under was 
inherited by me and this happened in one of my first few months in the job.

> 
>>[1] The server was running exim 3.2 at the time. I've since moved to
>>Exim 4 and through the wonders of ACL we no longer generate bounce
>>messages for unrouteable addresses we just reject the message at smtp
>>level. Saves a lot of overhead for our server especially as most of
>>the unrouteables were for spoofed (and false) addresses on our domain
>>used to send viruses from zombies.
> 
> 
> s/Saves a lot of overhead for our server/Stops our server being used as
> a spam source/

Spam source? Spam router maybe.

> The spammers and malware senders *intentionally* send mail and viruses
> to unroutable addresses with the intent of having them bounced to their
> real recipients.
> 

I've always assumed as much but can we really say that is the intent of 
*all* malware senders? We've had plenty of messages sent, apparently 
from zombies, to real (and not particularly guessable) addresses as well.

I put our ACL in place for the very reason of stopping our server 
bouncing these messages all over the place. I was amazed to see it was 
bouncing such messages when I arrived.

cheers
Ryan
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
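
Added example, not part of the original message and not Exim configuration: a small Python model of the two behaviours discussed in the thread, accepting mail for an unroutable address and bouncing it later versus rejecting it at RCPT time. The `Server` class, the `replay` helper and all addresses are constructed for illustration.

```python
"""Model of backscatter: accept-then-bounce versus reject during SMTP."""
from dataclasses import dataclass, field

LOCAL_USERS = {"ryan@example.org"}  # constructed: the only routable local address

SESSIONS = [  # constructed (envelope sender, envelope recipient) pairs
    ("victim@example.net", "sales1234@example.org"),  # forged sender, no such user
    ("victim@example.net", "qwerty@example.org"),     # forged sender, no such user
    ("friend@example.com", "ryan@example.org"),       # real mail to a real user
]


@dataclass
class Server:
    reject_at_rcpt: bool                           # True: verify recipient in-session
    outbound: list = field(default_factory=list)   # mail this server originates

    def rcpt(self, mail_from, rcpt_to):
        """Return the SMTP reply code for one RCPT TO command."""
        if rcpt_to in LOCAL_USERS:
            return 250
        if self.reject_at_rcpt:
            # Refused in-session: the connecting client keeps the message and
            # this server originates nothing.
            return 550
        # Accepted now, found unroutable later: the bounce goes to the envelope
        # sender, which nothing has authenticated.
        self.outbound.append({"from": "<>", "to": mail_from, "about": rcpt_to})
        return 250


def replay(reject_at_rcpt):
    """Run SESSIONS through one policy; return (reply codes, bounce recipients)."""
    server = Server(reject_at_rcpt)
    codes = [server.rcpt(sender, rcpt) for sender, rcpt in SESSIONS]
    return codes, [msg["to"] for msg in server.outbound]


if __name__ == "__main__":
    for policy in (False, True):
        codes, bounced_to = replay(policy)
        print(f"reject_at_rcpt={policy}: codes={codes} bounces_to={bounced_to}")
```

With the accept-then-bounce policy the forged sender receives two messages it never asked for; with rejection at RCPT time the server sends nothing and the legitimate message is still accepted.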



