Mailing List Archive

Double bounce messages
Hi all,

We have set up spf for the domains that we manage and it has helped
somewhat in cutting down spam and viruses. I would like to know whether a
spf aware mail exchanger can be set up to reject double bounces when the
original e-Mail did not originate from our server.

The following is what is happening:

A spammer or virus-infected machine sends out spam/virus to invalid
addresses (but valid domains) using the postmaster address of one of our
domains. The recipient site bounces the message with a 'user unknown'
error and the bounce is sent to the postmaster here. This double-bounce
message is accepted by our server.

Can anything be done to reject such double-bounce messages? Thanks
much in advance.

Regards
SK



+------------------------------------------------------------+
| Suresh Khatry (Mr.) <mailto:Suresh.Khatry@unon.org>
| Chief, Network Services Unit <mailto:Postmaster@unep.org>
| Information Technology Services <ICQ:44617574>
| United Nations Office at Nairobi (UNON) <NIC Handle: SK465>
| P.O. Box 47074, Nairobi, Kenya <RIPE Handle: SK136-RIPE>
| Phone: +254 (20) 621234, [Direct: +254 (20) 623427]
| Fax: +254 (20) 226890, [Direct: +254 (20) 624297]
| Cell: +254 (0)733 333305
| WWW => http://www.unon.org http://www.unep.org
+------------------------------------------------------------+
K E E P I N G Y O U I N T O U C H W I T H T H E W O R L D



-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
Re: Double bounce messages
On Tue, Aug 10, 2004 at 05:50:28PM +0300, Suresh Khatry wrote:
> A spammer or virus-infected machine sends out spam/virus to invalid
> addresses (but valid domains) using the postmaster address of one of our
> domains. The recipient site bounces the message with a 'user unknown'
> error and the bounce is sent to the postmaster here. This double-bounce
> message is accepted by our server.
>
> Can anything be done to reject such double-bounce messages? Thanks
> much in advance.

You could use SES, which cryptographically signs your MAIL FROM addresses. If a bounce is received for some address that is not signed correctly, you can reject the bounce.

This is outside the scope of spf however, although some have proposed to combine SES and SRS, which sort of makes sense I think.

Koen

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

Re: Double bounce messages
Hi,

I get several hundred such bounces a day. I had to stop accepting wildcard
mail to anyname @my.domain, and configure my server to reject mail to
unknown users straight away.

I hope SPF will help with this. That is the sort of thing it was designed
for. I published spf records with -all, and hope more and more servers will
reject such mails claiming to be from my domain.

But in the meantime, all you can do is reject mail to unknown users as soon
as possible (at the RCPT TO: stage) in your MTA.


Re: Double bounce messages
We do reject messages to unknown users at the RCPT TO level but the
problem is the most recent viruses send out mail with
Postmaster@domain.name and the bounces come back to us. For obvious
reasons, we cannot reject messages addressed to the postmaster :(

I was trying to get documentation on SES but could not find any site
for it. Koen, can you point me to a web site for information on SES? TIA

Ciao
SK




+------------------------------------------------------------+
| Suresh Khatry (Mr.) <mailto:Suresh.Khatry@unon.org>
| Chief, Network Services Unit <mailto:Postmaster@unep.org>
| Information Technology Services <ICQ:44617574>
| United Nations Office at Nairobi (UNON) <NIC Handle: SK465>
| P.O. Box 47074, Nairobi, Kenya <RIPE Handle: SK136-RIPE>
| Phone: +254 (20) 621234, [Direct: +254 (20) 623427]
| Fax: +254 (20) 226890, [Direct: +254 (20) 624297]
| Cell: +254 (0)733 333305
| WWW => http://www.unon.org http://www.unep.org
+------------------------------------------------------------+
K E E P I N G Y O U I N T O U C H W I T H T H E W O R L D




Mi <mi.lists@alma.ch> wrote on 10/08/2004 18:19
(To: spf-help@v2.listbox.com, Subject: Re: [spf-help] Double bounce messages):

> Hi,
>
> I get several hundred such bounces a day. I had to stop accepting wildcard
> mail to anyname @my.domain, and configure my server to reject mail to
> unknown users straight away.
>
> I hope SPF will help with this. That is the sort of thing it was designed
> for. I published spf records with -all, and hope more and more servers will
> reject such mails claiming to be from my domain.
>
> But in the meantime, all you can do is reject mail to unknown users as soon
> as possible (at the RCPT TO: stage) in your MTA.


Re: Double bounce messages
On Tue, Aug 10, 2004 at 06:28:16PM +0300, Suresh Khatry wrote:
>
> We do reject messages to unknown users at the RCPT TO level but the
> problem is the most recent viruses send out mail with
> Postmaster@domain.name and the bounces come back to us. For obvious
> reasons, we cannot reject messages addressed to the postmaster :(
>
> I was trying to get documentation on SES but could not find any site
> for it. Koen, can you point me to a web site for information on SES? TIA

Apparently, there are no actual implementations available freely so
you'll have to roll your own. Basically, what you want to do is similar
to doing SRS0 (see http://www.libsrs2.org/docs/index.html for info about
srs). Actually, Shevek just told me it's just doing SRS0 without the
domain field.

Koen

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/
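
The approach suggested in this thread, sketched as an added example (not code from the thread or from any SES or SRS implementation): outgoing MAIL FROM addresses get a keyed hash and a day stamp, and a bounce (null sender) is accepted at RCPT TO only if the recipient address carries a valid tag. The `SES=hash=day=local@domain` layout (the SRS0 shape without the domain field), the key, the 7-day window and the day numbers are assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: per-site secret, never published
MAX_AGE_DAYS = 7                  # assumption: how long a bounce may take to return
TAG = "SES"                       # hypothetical tag, by analogy with SRS0


def _mac(day, local, domain):
    """Keyed hash over the day stamp and the original address (truncated HMAC-SHA256)."""
    msg = f"{day}={local.lower()}@{domain.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:10]


def sign_sender(address, today):
    """Rewrite an outgoing MAIL FROM as TAG=hash=day=local@domain.

    `today` is a day number, e.g. int(time.time()) // 86400.
    """
    local, domain = address.rsplit("@", 1)
    return f"{TAG}={_mac(today, local, domain)}={today}={local}@{domain}"


def check_rcpt(mail_from, rcpt_to, today):
    """Return (smtp_code, reason) for one RCPT TO.

    Only bounces (empty reverse-path, MAIL FROM:<>) need a signature, so
    ordinary mail to postmaster@ is still accepted.
    """
    if mail_from != "":
        return 250, "not a bounce"
    if "@" not in rcpt_to:
        return 550, "bounce to unsigned address"
    local, domain = rcpt_to.rsplit("@", 1)
    parts = local.split("=", 3)
    if len(parts) != 4 or parts[0].upper() != TAG:
        return 550, "bounce to unsigned address"
    _, mac, day_s, orig_local = parts
    if not (day_s.isascii() and day_s.isdigit()):
        return 550, "malformed day stamp"
    day = int(day_s)
    if not 0 <= today - day <= MAX_AGE_DAYS:
        return 550, "signature expired"
    # Constant-time comparison; hash case is normalised in case a relay altered it.
    if not hmac.compare_digest(mac.lower(), _mac(day, orig_local, domain)):
        return 550, "bad signature"
    return 250, f"valid bounce for {orig_local}@{domain}"
```

A forged message that uses the bare postmaster address as its sender produces a bounce addressed to the unsigned address, which this check answers with 550 while still accepting non-bounce mail to postmaster.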
