On 3 Oct 2007, at 9:56, Hal Dell wrote:
>
> Hello All...
>
> Recently a SPAMer started sending eMails to the server using a dictionary
> for eMail addresses like [EMAIL PROTECTED], [EMAIL PROTECTED], etc. Then the
> eMail Server tries to send an eMail message back to the sender indicating
> the eMail was NOT delivered because of a bad eMail address.

So far as I am aware, XMail does not send an email back to the sender. If you check your smtp log you might see the incoming connection has been rejected with an EAVAIL error code.

What may be happening, and appears to be as I've been seeing, is that the spammer is sending via an open relay or badly configured server and using your domain as return path as well as recipient; delivery is rejected and the server then sends off the rejection email.

No sender bounce should help solve that problem, but you can also put the servers' IPs in spammers.tab if you don't expect legitimate email from those. I don't like using spammers.tab but have found the option of putting a delay of a few seconds in connections from those IPs used to work against previous methods of spam and virus propagation, but it wouldn't be useful in this case.

David

> So I've set NoSenderBounce to 1. By changing this setting will this stop
> this behavior?
>
> Next, I still need SenderBounce enabled for certain eMail accounts. I was
> wondering why we don't push down a lot of these configuration options to
> the domain level like SmarterMail does? If a lot of folks using xMail are
> ISP / ASP then this would make sense to have management control at the
> domain level.
>
> I don't know if you guys have seen this but the SPAMers are now using your
> eMail Server, if eMail bounce back Messages are on, to effectively SYN Flood
> someone. The way this works is they get hold of some domain then point that
> domain's A to an IP that does NOT have an eMail Server associated with it.
> Typically, these domains don't have MX records.
>
> Then, they send a slow drip of eMails to the same domain, the effect is the
> eMail Server tries to deliver the bounce back to the sender over and over
> again. Each time the bounce back is attempted a TCP connection is attempted
> and of course a SYN is generated first.
>
> Now, imagine, that you have several 100 eMails in the message queue, all the
> time, all trying to connect to that same IP at various intervals based upon
> the time they were received.
>
> And now you get a SYN Flood.
>
> How do we solve this? Can you simply ONLY send eMails to domains that have
> MX records? I know this probably violates an RFC, however, what else can we
> do until someone decides to fix the larger SPAM issue.
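
The queue pattern described in the thread can be checked for on the sending server. The following is an added example, not part of the original messages and not XMail code: it scans a queue snapshot for bounces (null envelope sender) piling up on a domain that has no MX record. The queue tuples, DNS table and `backscatter_targets` name are constructed for illustration and do not reflect XMail's spool format.

```python
from collections import defaultdict

# Constructed queue snapshot:
# (message id, envelope sender, recipient domain, delivery attempts so far).
# A bounce (DSN) carries the null envelope sender "<>".
QUEUE = [
    ("m1", "<>", "no-mx.example", 6),
    ("m2", "<>", "no-mx.example", 4),
    ("m3", "<>", "no-mx.example", 9),
    ("m4", "<>", "partner.example", 1),
    ("m5", "alice@ourdomain.example", "no-mx.example", 2),
    ("m6", "<>", "typo.example", 3),
]

# Constructed DNS answers standing in for live lookups.
DNS = {
    "no-mx.example": {"mx": [], "a": ["192.0.2.10"]},
    "partner.example": {"mx": ["mail.partner.example"], "a": ["198.51.100.5"]},
    "typo.example": {"mx": [], "a": ["203.0.113.7"]},
}


def backscatter_targets(queue, dns, min_bounces=3):
    """Return [(domain, queued_bounces, total_attempts)] for domains that have
    no MX record and hold at least min_bounces queued bounces, worst first."""
    bounces = defaultdict(int)
    attempts = defaultdict(int)
    for _msg_id, sender, domain, tries in queue:
        if sender != "<>":         # ordinary mail, not a bounce
            continue
        bounces[domain] += 1
        attempts[domain] += tries  # every attempt sends at least one SYN
    flagged = [
        (d, bounces[d], attempts[d])
        for d in bounces
        if bounces[d] >= min_bounces and not dns.get(d, {}).get("mx")
    ]
    return sorted(flagged, key=lambda row: row[2], reverse=True)


if __name__ == "__main__":
    for domain, count, tries in backscatter_targets(QUEUE, DNS):
        print(f"{domain}: {count} queued bounces, {tries} connection attempts")
```

A flagged domain is a candidate for purging its queued bounces or for an entry in spammers.tab covering the injecting IPs; a single bounce to an MX-less domain stays below the threshold because A-record fallback is legitimate.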