[73842] in North American Network Operators' Group


Re: Distributed Dictionary email slam

daemon@ATHENA.MIT.EDU (Jared Mauch)
Mon Sep 6 12:24:49 2004

Date: Mon, 6 Sep 2004 12:24:02 -0400
From: Jared Mauch <jared@puck.nether.net>
To: "Christopher X. Candreva" <chris@westnet.com>
Cc: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.61.0409051956400.4910@westnet.com>
Errors-To: owner-nanog-outgoing@merit.edu


On Sun, Sep 05, 2004 at 07:58:06PM -0400, Christopher X. Candreva wrote:
> 
> On Sun, 5 Sep 2004, Matt Hess wrote:
> 
> > source hosts.. Now being as we are a secondary mx I'm dropping their record
> > out of our email system as I write this, however, I am curious if others have
> > gone through or are currently going through something of this magnitude (12K
> > spam/dictionary msgs per hour destined to one domain and that's just what is
> 
> You want to keep a list of valid accounts on the secondary so you can refuse 
> mail for non-existing accounts on the secondary too.
> 
> If you don't care about yourself -- realize that if, say, all of these mails 
> have a return address forged from the same domain, you will be DOSing THAT 
> site with the bounce messages.  This is enough for some people to block mail 
> from you.

	does anyone have some pointers to a good (possibly radius+sendmail)
based approach for checking this?

	i'd like to have my backup mx host reject mail for nonexistent
users/aliases as long as the primary is up, but if it's down, it should
accept them and queue, plus possibly cache misses for a period of time (24h?)

	- jared

-- 
Jared Mauch  | pgp key available via finger from jared@puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
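
The backup-MX behaviour asked for in the message above, sketched as an added example that is not part of the original post or of any sendmail or RADIUS code: reject unknown recipients while the primary answers, accept and queue when it does not, and cache misses for 24 hours. It swaps the RADIUS lookup for an SMTP call-forward probe; `smtp_probe`, `BackupMxPolicy`, the reply strings and honouring cached misses while the primary is down are assumptions made for illustration.

```python
import smtplib
import time

ACCEPT = "250 2.1.5 accepted, will queue for primary"
REJECT = "550 5.1.1 user unknown"

def smtp_probe(primary_host, timeout=10):
    """Return probe(rcpt): True/False from the primary's RCPT TO answer.
    Assumes the primary itself rejects unknown users at RCPT time."""
    def probe(rcpt):
        with smtplib.SMTP(primary_host, 25, timeout=timeout) as s:
            s.helo()
            s.mail("")                      # null sender, MAIL FROM:<>
            code, _ = s.rcpt(rcpt)
        if 200 <= code < 300:
            return True
        if code == 550:
            return False
        raise OSError("inconclusive reply %d" % code)  # 4xx etc: fail open
    return probe

class BackupMxPolicy:
    """RCPT-time decision for a backup MX (hypothetical helper class)."""
    def __init__(self, probe, clock=time.time, miss_ttl=24 * 3600):
        self.probe, self.clock, self.miss_ttl = probe, clock, miss_ttl
        self.misses = {}                    # address -> expiry time of cached miss

    def check(self, rcpt):
        key = rcpt.strip().lower()          # assumption: case-insensitive match
        now = self.clock()
        if self.misses.get(key, 0) > now:
            return REJECT                   # cached miss, honoured even if primary is down
        self.misses.pop(key, None)          # drop an expired entry, if any
        try:
            exists = self.probe(key)
        except OSError:                     # refused, timeout, SMTP error: primary is down
            return ACCEPT                   # accept and queue, as the message asks
        if not exists:
            self.misses[key] = now + self.miss_ttl
            return REJECT
        return ACCEPT
```

Rejecting at RCPT time on the backup is what avoids the bounce flood described in the quoted reply; while the primary is unreachable, only addresses already in the miss cache are refused.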
