Stuart wrote: > Bojan Zdrnja wrote: >> >> I completely agree with Gary. Rejecting e-mail for non existent users *at >> the front-end* is a MUST.
> I thought that rejecting non-existent users at SMTP time was considered > a bad idea because now the spammer knows that any messages that are > accepted are valid email addresses. Is this no longer considered a best > practice? > I'm just curious to hear opinions -- thanks, > Stuart Johnston I can see how this may have been true, and I can also see how this concept may have contributed to the current situation. My personal experience is that massive dictionary attacks are a fairly recent phenomenon and are becoming ever more prevalent. There would be some advantage to 'accept then silently discard' (no DSN or reject is sent) but this would of course not be RFC compliant. A legitimate user could send important messages to a recently terminated employee and have no idea that those messages have been silently discarded, the fate of the planet could have hinged on those messages, so I think a reject notice is imperative (and it costs you nearly nothing). I've read that Exchange 2003: "Exchange can now be set up to refuse messages for nonexistent users, and you can choose not to send a non-delivery receipt (NDR) when a message arrives for a nonexistent user. This prevents the common dictionary attack where a spammer tries to determine which e-mail addresses are valid in your domain by sending test e-mails to thousands of names and watching for NDRs. So it looks like Redmond is shifting its philosophy, but like I said, IMHO not sending reject notices (at least for nonexistent users) is dangerous. In the past it was also more common to have a single SMTP/POP3/IMAP server that could immediately reject mail to nonexistent users, and therefore keep the deferred queue at a reasonable level. The problem today is that more and more gateway servers are coming into play, and these gateway servers will simply get killed if they don't have a mechanism to reject this mail. If they were to deliver it, as noted earlier, the downstream server will reject it, then it becomes the gateway's responsibility to prepare and attempt delivery of a DSN to the (bogus) sender. This DSN would never have existed in a single SMTP/POP3/IMAP server setup. Any more, it's a matter of survival. My 0.02, Gary V ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
