[Dshield] DOS by Sorbs?

Abuse abuse at what4now.com
Thu Dec 22 18:41:04 GMT 2005


** Reply to message from "martin forest" <martin at forest.gen.nz> on Thu, 22 Dec
2005 12:58:02 +1300

I know that many if not all of you will object loudly to what I have to say but
this is a fact of life in these days of spam and viruses.  Procedures for
handling spam and viruses need to be changed.  And yes I report what I consider
"fake" bounce messages.  A "fake" bounce to me is one where an email server has
received a message and later decides that it does not want to deliver it so
sends a reply to the "FROM" address.


> If we don't do non delivery notifications, we will break rfc's.

The RFCs do not change fast enough (or at all) to keep up with the current
conditions.  Today the ORIGINATING server should send the "non delivery
notification" message NOT the RECEIVING server.


> If we deliver non delivery notifications, we will most likely send crap to  
> innocent users.

Very true and why you can get listed.


> Our mail servers do strict mail filtering and do not relay. We have a  
> commercial anti spam system for incoming email. Outgoing, incoming and   
> internal email systems are separated with a lot of security checks.
> What is the general feeling amongst you lot?

The problem is that you accept the email and then filter.  Doing that you have
a big problem with "non delivery notification" messages.  You should reject the
email while in the SMTP transaction, this will then cause the sending server to
send the "non delivery notification" message and unless they are relaying the
email they know where it came from.


> Is it reasonable to be listed on RBL lists for following rfc's?

Why not?  You are send spam and/or viruses (although I hope you have stripped
the virus before you send the "non delivery notification" message) to innocent
victims.

I think a lot of the blocklists are doing just that because, as I said above,
the receiving server should not be sending "non delivery notification" messages
because they do not know who the sender is.


More information about the list mailing list