Re: [Exim] Anyone for Mailer-Daemon??

Top Page
Delete this message
Reply to this message
Author: Exim Users Mailing List
Date:  
To: ODHIAMBO G. Washington
CC: Exim Users Mailing List
Subject: Re: [Exim] Anyone for Mailer-Daemon??
[ On Friday, August 22, 2003 at 12:05:34 (+0300), ODHIAMBO G. Washington wrote: ]
> Subject: [Exim] Anyone for Mailer-Daemon??
>
> Is anyone opposed to this practice? (I saw it somewhere, munged the true identity)


I would hope that everyone everywhere is vehemently opposed to the
practice of generating bounces for invalid recipient addresses.

Surely by now you are aware that almost all e-mail based viruses and
worms, as well as most/many spammers, use forged sender addresses.

You need to be aware that as a result of such forgeries the automatic
generation of delivery notifications like the one you showed can
themselves result in as much abuse as the original spam, virus, or
whatever.

Please everyone configure your mailers so that they do _NOT_
automatically send notifications to the apparent originator of a message
that appears to contain an undesirable or undeliverable message. Your
mailer can, and should, reject such messages before they end up having
to send bounces to a possibly forged sender address (i.e. reject them at
the SMTP RCPT command).

Please everyone complain to the operators and authors of all mailers
which generate bounces for invalid recipients, virus/worm content, etc.

To quote from the SANS Security Alert Consensu #33:

        The Sobig.F worm is
    also causing lots of spoofed e-mail to be passed around, which wouldn't
    be [so] bad except that most anti-virus setups send back bounce notices.


At this point I don't yet know if I've received more bad bounces, or
more direct copies of the worm.

--
                        Greg A. Woods


+1 416 218-0098                  VE3TCP            RoboHack <woods@???>
Planix, Inc. <woods@???>          Secrets of the Weird <woods@???>