bounces are a waste of time any way you look at it.

in my experience only a tiny fraction of bounces are directed back to the
real sender of the bounced email. this tiny fraction results from people
manually typing the address and misspelling it or having a misspelled
address in their address book. in either case it is a very rare occurrence.

the vast majority of the time the return address is bogus or points to a
server with stateful/stateless packet inspection or NAT blocking inbound
connections to port 25. in either of these cases the burden of cpu, storage,
or bandwidth resources is placed on the victim server.

do we need configurable fast-fail to protect the victims? i think we do.
spammers and other evil net citizens don't care unless their own systems are
adversely affected.

i recently had to install a software firewall with stateful packet
inspection to block groups.yahoo.com to get yahoo to stop sending my server
thousands of messages per day. the only reason they stopped sending me mail
was because i was able to convince them that the burden of resources would
fall on them.......it was their servers that would have to churn and grind
the messages because they were unable to connect to my server.

without fast-fail the criminals have all the rights and the victims just
remain victims.

just my 2 cents worth.

--randy


----- Original Message ----- 
From: "Chris Means" <[EMAIL PROTECTED]>
To: "'James Users List'" <[EMAIL PROTECTED]>
Sent: Thursday, November 06, 2003 1:27 PM
Subject: RE: Lots of unauthorized emails


I think this could also be the result of a new type of SPAM attack.

The mechanism essentially relies on your server rejecting the message as the
recipient is invalid, and sending an error back to the originator, except
that the SPAMmer has spoofed the "sender/reply-to" header to be the actual
intended recipient of the SPAM, thus using your server to "relay" the
message.

Here's an article on it: <http://www.cmsconnect.com/Praetor/RNDR/prRNDR.htm>

At this time, I believe the only recourse is to disable notifying a sender of
an invalid recipient.

Any other suggestions?
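
The bounce abuse described in this message, and the fast-fail alternative argued for in the reply above it, modelled side by side. This is an added example, not part of the original thread and not James code; the addresses, function names and sample envelopes are constructed for illustration.

```python
from collections import Counter
from email.message import EmailMessage

# Constructed data: example.org stands in for the abused server.
LOCAL_USERS = {"james@example.org", "postmaster@example.org"}
ENVELOPES = [  # (MAIL FROM, RCPT TO) as given in the SMTP dialogue
    ("victim1@example.net", "nobody1@example.org"),  # forged sender
    ("victim1@example.net", "nobody2@example.org"),  # forged sender
    ("victim2@example.com", "nobody3@example.org"),  # forged sender
    ("friend@example.com", "james@example.org"),     # legitimate mail
    ("", "nobody4@example.org"),                     # null sender
]

def accept_then_bounce(mail_from, rcpt_to):
    """Accept every recipient, find the bad mailbox later, and mail a
    bounce to the envelope sender, an address the client chose freely."""
    if rcpt_to in LOCAL_USERS:
        return "250 OK", None
    if mail_from == "":
        return "250 OK", None  # a null reverse-path is never bounced to
    dsn = EmailMessage()
    dsn["From"] = "MAILER-DAEMON@example.org"
    dsn["To"] = mail_from
    dsn["Subject"] = "could not send email to " + rcpt_to
    dsn.set_content("The original message is attached.")
    return "250 OK", dsn

def reject_at_rcpt(mail_from, rcpt_to):
    """Fast-fail: refuse the unknown recipient inside the SMTP session,
    so the connecting client keeps the message and nothing is queued."""
    if rcpt_to in LOCAL_USERS:
        return "250 OK", None
    return "550 5.1.1 <%s>: no such user" % rcpt_to, None

def simulate(policy, envelopes=ENVELOPES):
    """Return (SMTP replies, Counter of addresses we would bounce to)."""
    replies, bounced_to = [], Counter()
    for mail_from, rcpt_to in envelopes:
        reply, dsn = policy(mail_from, rcpt_to)
        replies.append(reply)
        if dsn is not None:
            bounced_to[str(dsn["To"])] += 1
    return replies, bounced_to

if __name__ == "__main__":
    for policy in (accept_then_bounce, reject_at_rcpt):
        replies, bounced_to = simulate(policy)
        print(policy.__name__, replies, dict(bounced_to))
```
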

> -----Original Message-----
> From: James Kearney(hotmail) [mailto:[EMAIL PROTECTED]
> Sent: Thursday, November 06, 2003 1:07 PM
> To: James Users List
> Subject: Re: Lots of unauthorized emails
>
> thanks for the advice steve,
>
> I have scheduled the ordb test, but I am confident that this
> is not the problem, as I have checked the smtp server using
> telnet and the Auth is working fine.
>
> I did disable the RemoteAddrNotInNetwork, but I am sure that
> these mails are coming from an outside source using the smtp
> server. I have ip addresses of connections coming from
> outside my network, and error messages about emails that I
> sent, and lots of emails in the mail/outgoing directory that
> I have not sent (these have now been removed).
>
> I have also changed the password for remote config, and the
> passwords on the user accounts... Hopefully this will remedy
> the situation - if not I am not sure what else I will do -
> but I will just have to wait and see.
>
> thanks for the help - much appreciated,
>
> james
>
> ----- Original Message -----
> From: "steve" <[EMAIL PROTECTED]>
> To: "James Users List" <[EMAIL PROTECTED]>
> Sent: Thursday, November 06, 2003 6:58 PM
> Subject: Re: Lots of unauthorized emails
>
>
> > Did you disable the RemoteAddrNotInNetwork entry in the config.xml
> > when you set up SMTP-auth? I ran into trouble once when my firewall
> > made all email look like it was coming from an internal connection
> > (namely, the firewall's ip address).
> >
> > That was quite a while ago, but I think that is right.
> >
> > I also recommend the relay test suggested by Steven Harris; just be
> > aware that if you fail, your address will be listed by ordb.org as an
> > open relay until you correct the issue and have them re-test.
> >
> > Steve B.
> >
> > ----- Original Message -----
> > From: "James Kearney(hotmail)" <[EMAIL PROTECTED]>
> > To: "James Users List" <[EMAIL PROTECTED]>
> > Sent: Thursday, November 06, 2003 12:30 PM
> > Subject: Re: Lots of unauthorized emails
> >
> >
> > Vincenzo,
> >
> > thanks for all the help. I will delete those messages.
> >
> > Unfortunately, quite a lot have a date that is after I set up SMTPAuth... so
> > not quite sure what to do about that.
> > I have telneted to the smtp server, and smtp auth seems to be working ok...
> >
> > I will change the passwords of my accounts (only have three passwords,
> > the admin password, my password, and postmaster password).
> >
> > Hopefully changing the passwords might stop it - but I suspect that
> > this isn't the problem.
> >
> > james
> >
> > ----- Original Message -----
> > From: "Vincenzo Gianferrari Pini" <[EMAIL PROTECTED]>
> > To: "James Users List" <[EMAIL PROTECTED]>
> > Sent: Thursday, November 06, 2003 5:22 PM
> > Subject: RE: Lots of unauthorized emails
> >
> >
> > James,
> >
> > yes, those are all messages waiting to be sent. Just delete all the
> > files (better to stop James before doing that).
> >
> > Have a look at the date/time: are they <= to the moment you did set up
> > SMTPAuth? if yes, it is likely that you have been exploited as an open
> > relay, otherwise it sounds something to investigate further.
> >
> > Ciao,
> >
> > Vincenzo
> >
> > > -----Original Message-----
> > > From: James Kearney(hotmail) [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, 6 November 2003 16.43
> > > To: James Users List
> > > Subject: Re: Lots of unauthorized emails
> > >
> > >
> > > Vincenzo,
> > >
> > > JAMES_ROOT/apps/james/var/mail/outgoing directory is full of files,
> > > 8864 to be exact.
> > > Is this mail that is waiting to be sent, and can i just delete all
> > > the files?
> > > After doing this I will change the administrators account and all
> > > users account passwords again - hopefully this will stop the abuse.
> > >
> > > thanks v much
> > >
> > > james.
> > >
> > > ----- Original Message -----
> > > From: "Vincenzo Gianferrari Pini" <[EMAIL PROTECTED]>
> > > To: "James Users List" <[EMAIL PROTECTED]>
> > > Sent: Thursday, November 06, 2003 3:24 PM
> > > Subject: RE: Lots of unauthorized emails
> > >
> > >
> > > Have a look at the
> > > JAMES_ROOT/apps/james/var/mail/outgoing directory if using file
> > > based repositories, or select * from spool where
> > > repository_name='outgoing'
> > > if using jdbc based repositories.
> > >
> > > Vincenzo
> > >
> > > > -----Original Message-----
> > > > From: James Kearney(hotmail) [mailto:[EMAIL PROTECTED]
> > > > Sent: Thursday, 6 November 2003 16.05
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Lots of unauthorized emails
> > > >
> > > >
> > > > Hi,
> > > >
> > > > I am running the james server on jameskearney.com and I am getting lots of
> > > > emails saying "could not send email to xxx" where xxx is some
> > > > address that I have never heard of - so obviously someone
> > > > unauthorized is using my server.
> > > >
> > > > I have smtp auth set up - so I don't believe that it is the case that the
> > > > smtp server is an open relay.
> > > >
> > > > I also have changed the passwords on the smtp accounts - this also
> > > > does not help.
> > > >
> > > > The only possibility is that all of these messages were spooled in
> > > > the short time before I got smtp auth set up - is there any way I
> > > > can check what is
> > > > waiting to be sent, and remove it if it is not appropriate.
> > > >
> > > > Failing this I am unsure as to how these nasty people are using my
> > > > server to send their junk!
> > > >
> > > > Please help, I don't want to add to the spam problem!
> > > >
> > > > thanks very much
> > > >
> > > > james kearney
> > > >
> > > >
> > > >
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > >
> > >
> > >
> > >
> --------------------------------------------------------------------
> > > - To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> > >
> > >
> --------------------------------------------------------------------
> > > - To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
