I just saw mention on bugtraq of spammers trying to exploit
RCPT TO: <"[EMAIL PROTECTED]"@relay.host.name>
(where "relay.host.name" is the reverse dns name for the system
they're trying to relay through).
I wasn't sure how qmail would handle this, so I did a couple of quick
tests. Russel, hope you don't mind my bouncing one of them off one of
your systems.
What happened was that the mail was *accepted*, and then bounced
(qmail seems to have ignored the quotes in the address). This is
better than being an open relay by a lot, if not exactly perfect
(perfect means rejecting the relay attempt before accepting the mail,
of course). Of course in a real spam situation, the bounce would
bounce and become the problem of the intended-relay sysadmin. And
would it bounce once for every single name in the humongous list?
Dunno, didn't try that. I've already given up and configured to drop
doublebounces silently, anyway.
--
David Dyer-Bennet [EMAIL PROTECTED]
http://www.ddb.com/~ddb (photos, sf) Minicon: http://www.mnstf.org/minicon
http://ouroboros.demesne.com/ The Ouroboros Bookworms
Join the 20th century before it's too late!
