orbs.org recently tested our qmail server, I mailed them and they advised
that our server could be used as a "proxy mailbomb relay". By this they
mean that a message with a forged FROM: address and multiple bad
RCPT TO: addresses will generate multiple non-delivery reports being
sent to the forged FROM: address. Is it possible to stop this?
This is not a huge problem I'm just interested.
Thanks,
Tim Philip ([EMAIL PROTECTED]) (cnbcasia.com)
------------ HERE IS WHAT ORBS.ORG SAID ABOUT QMAIL: ------------
Kick Qmail's author.
To be honest, I regard qmail as a bit of a dog. It's great for mailing
lists, but as a general purpose MTA it has too many bad habits.
Apart from the accept, then process issue it also:
Only sends one RCPT TO:<> per message, even if multiple recipients are at
the same MX.
Opens as many connections to a remote server as it can in order to deliver
those individual messages in parallel.
It results in temporary denial of service attacks and huge amounts of
unnecessary bandwidth consumption. The program is designed around a
mentality of "I will deliver the mail _now_, _no matter what_", instead of
being a nice network neighbour and treating smtp as low priority data which
is given sensible backoff algorithms.
Regards
Alan Brown
-----------------------------------------------------------------
