[Dshield] PDF Spam Wave

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Aug 9 15:59:56 GMT 2007


On Thu, 09 Aug 2007 11:27:10 EDT, Tom said:

> I beg to slightly differ.  If you know you want to reject, send a 
> 5xx. To many servers are sending 4xx when they really mean 5xx. 4xx 
> just causes a valid mailserver to continue to retry thus delaying the 
> proper handling of mail that was truly rejected by the recipient.

Actually, sending a 4xx back rather than accepting *can* make sense, if
the bounce you'd have send back was a "mail delayed" bounce (because your
LDAP server hiccuped, etc).  And yes, I *do* see a fair amount of "Unable
to send mail for XX hours" blowback.

Also, 4xx replies are heavily used by greylisting schemes.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.sans.org/pipermail/list/attachments/20070809/37063a26/attachment.bin 


More information about the list mailing list