Les Mikesell wrote:
> For any definition of 'valid MTA', an SMTP rejection *will* generate a
> bounce.  For any recent virus and much spam, the bounce will go to
> some innocent and unrelated address, which may in fact be the intended
> target.

As an example, some Mytob(?) variants forge addresses like [EMAIL PROTECTED] or [EMAIL PROTECTED] (The virus in question masquerades as an account suspension notice.) For various reasons, we reject anything coming in from outside claiming to be from those addresses with "554 5.7.1 Forgery attempt detected: you do not have permission to send using this address."

Naturally, several times a week we get NDRs sent *to* those addresses explaining that the message "we" tried to send could not be delivered.

Clearly, for whatever reason some of these *are* being relayed through a real MTA. Half the time the target address doesn't even exist, and we would still be getting the "User unknown" NDRs if we weren't rejecting them in filter_sender.

--
Kelson Vibber
SpeedGate Communications <www.speed.net>
_______________________________________________
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list
MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
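
The kind of `filter_sender` check described in the message above, as an added example for a `mimedefang-filter` file; it is not the poster's own filter. The protected addresses, the internal network range, and the helpers `ip_to_int` and `is_internal` are assumptions made for illustration.

```perl
use strict;
use warnings;

# Assumption: role addresses only internal hosts may use as envelope sender.
# Constructed placeholders; the real addresses are redacted in the post.
my %protected_sender = map { lc($_) => 1 } qw(
    admin@example.com
    support@example.com
);

# Assumption: networks allowed to send as those addresses (documentation range).
my @internal_nets = ( [ '192.0.2.0', 24 ] );

# Hypothetical helper: dotted-quad IPv4 to integer, undef if not valid IPv4.
sub ip_to_int {
    my ($ip) = @_;
    return undef unless defined $ip
        && $ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
    return undef if grep { $_ > 255 } ($1, $2, $3, $4);
    return ($1 << 24) | ($2 << 16) | ($3 << 8) | $4;
}

# Hypothetical helper: true if the relay address is inside an internal network.
sub is_internal {
    my ($ip) = @_;
    my $addr = ip_to_int($ip);
    return 0 unless defined $addr;    # IPv6 or unparsable: treat as external
    for my $net (@internal_nets) {
        my ($base, $bits) = @$net;
        my $mask = $bits ? (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF : 0;
        return 1 if ($addr & $mask) == (ip_to_int($base) & $mask);
    }
    return 0;
}

# MIMEDefang calls this after MAIL FROM; $sender arrives as "<user@domain>".
sub filter_sender {
    my ($sender, $ip, $hostname, $helo) = @_;
    (my $addr = lc $sender) =~ s/^<|>$//g;
    if ($protected_sender{$addr} && !is_internal($ip)) {
        return ('REJECT',
                'Forgery attempt detected: you do not have permission to send using this address.',
                554, '5.7.1');
    }
    return ('CONTINUE', 'ok');    # includes the null sender <> used by NDRs
}

1;
```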
