Re: 450 %TCPIP-E-SMTP_NOSUCHUSER, no such user, <domain.name>
david20_at_alpha2.mdx.ac.uk
Date: 08/27/04
- Previous message: Alex Daniels: "Re: HP Away"
- In reply to: Michael Moroney: "Re: 450 %TCPIP-E-SMTP_NOSUCHUSER, no such user, <domain.name>"
- Next in thread: JF Mezei: "Re: 450 %TCPIP-E-SMTP_NOSUCHUSER, no such user, <domain.name>"
- Reply: JF Mezei: "Re: 450 %TCPIP-E-SMTP_NOSUCHUSER, no such user, <domain.name>"
Date: Fri, 27 Aug 2004 10:44:50 +0000 (UTC)
In article <cgl1vp$a5l$1@pcls4.std.com>, moroney@world.std.spaamtrap.com (Michael Moroney) writes:
>david20@alpha2.mdx.ac.uk writes:
>
>>>Grey listing is amazing! I have been running a FreeBSD based system using
>>>Exim/spamassassin/spamd with a grey listing solution for about 9 months now
>>>with amazing success!
>>>
>>I can understand spamassassin having an effect but am pretty surprised that
>>greylisting has anything but a marginal effect.
>
>It was already mentioned that an enormous percentage of spam is being sent
>by virus-infected "zombie" systems where the virus is forwarding spam to a
>huge list of addresses. MyDoom, Bagel, etc. are all spam-forwarding viruses.
>I don't know what SMTP engines they have, but I do know that an SMTP
>engine which keeps track of and retries addresses with 4xx errors is going
>to be harder to write and will be larger than a blast-and-forget engine.
>Sure, since spam and anti-spam systems is nothing but a huge arms race and
>"greylisting" is just another weapon in that arms race, some day spammers
>will release zombie viruses which retry 4xx errors and greylisting will no
>longer work. But for now it is quite effective.

We block direct sending of mail out of the University with our firewall.
All mail has to go out via our central mailhubs.

All the modern viruses (netsky, mydoom etc) seem to have very little problem
with picking up the mail settings from the infected system and attempting to
send out via our central mailhubs - where they are then blocked by our
anti-spam software.

I would expect any spammer software making use of such virus infected machines
would similarly pick up the settings.

If there is an intermediate machine in the way such as our central mailhubs
(or an open-relay) then greylisting would not work since those intermediate
systems will almost certainly follow the RFCs and retry.

For viruses using the machine's mail settings rather than sending
directly or through an open-relay is probably not the best strategy since it
is more likely that a central mailhub will have anti-virus software installed.
Hence it is probably being employed as a fallback mechanism.

However for spam the situation is different. Pretty much all anti-spam measures
are targeted at incoming rather than outgoing mail. Indeed as I recall one ISP
was sued when it blocked outgoing mail which its anti-spam product regarded
as spam.

For both viruses and spam which are attempting to send to a large number of
email addresses sending through an intermediate system allows them to work
faster since they can offload the work to the intermediate system - that is
one reason for the use of open-relays.

David Webb
Security Team Leader
CCSS
Middlesex University
>--
>-Mike
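
The greylisting behaviour debated in this message, as an added example that is not code from either poster: a receiving server defers the first attempt for an unseen (client IP, sender, recipient) triplet with a 450 and accepts a retry made after a minimum delay. The delay values, addresses and function names are assumptions chosen for illustration; the sample traffic is constructed.

```python
from dataclasses import dataclass, field

MIN_DELAY = 300           # assumed: seconds a new triplet must wait before acceptance
RETRY_WINDOW = 4 * 3600   # assumed: a retry later than this is treated as a new triplet


@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: set = field(default_factory=set)        # triplets that have retried correctly

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply code for one RCPT TO seen at time `now` (seconds)."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed:
            return 250
        first = self.first_seen.get(key)
        if first is None or now - first > RETRY_WINDOW:
            self.first_seen[key] = now   # unseen (or stale) triplet: start the clock
            return 450
        if now - first < MIN_DELAY:
            return 450                   # retried too quickly: keep deferring
        self.passed.add(key)
        return 250


def deliver(gl, client_ip, mail_from, rcpt_to, attempt_times):
    """Simulate a sender that tries at each time in attempt_times; True if accepted."""
    for t in attempt_times:
        if gl.check(client_ip, mail_from, rcpt_to, t) == 250:
            return True
    return False


def demo():
    gl = Greylist()
    # Constructed traffic using documentation address ranges and example domains.
    # A sender that makes one attempt and never retries is deferred and gives up.
    one_shot = deliver(gl, "203.0.113.7", "a@example.net", "user@example.org", [0])
    # An RFC-compliant mailhub queues the same message and retries, so it passes,
    # whatever originally submitted the message to the hub.
    mailhub = deliver(gl, "198.51.100.25", "a@example.net", "user@example.org",
                      [0, 900, 1800])
    return one_shot, mailhub


if __name__ == "__main__":
    print(demo())
```

The greylist keys on the connecting host, so it measures the retry behaviour of the last relay rather than of the machine that composed the message.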