Re: TCPIP$SMTP_POSTMASTER_ALIAS
- From: JF Mezei <jfmezei.spamnot@xxxxxxxxxxxx>
- Date: Sat, 08 Apr 2006 15:49:33 -0400
Phillip Helbig---remove CLOTHES to reply wrote:
So this might solve the problem of double bounces. I was getting email
to non-existent users, then bouncing it from TCPIP$SMTP, which then
bounced back to me since the recipient (apparent sender of the spam) had
been forged. So if I bounce it from postmaster to a non-existent
recipient, the remote system should NOT bounce it back to me, right?
say you are chocolate.com
system X sends spam "from: username@xxxxxxxxxxxxx" to "baduser@xxxxxxxxxx"
Instead of immediatly refusing it witgh a 550 invalid username,
pastry.com accepts the message and later issues a non delivery
notification and sends it to the apperent originator: "username@xxxxxxxxxxxxx"
So your system gets a message from postmaster@xxxxxxxxxx indicating it
was unable to deliver a message from username@xxxxxxxxxxxxx to
baduser@xxxxxxxxxxx Message is addressed to username@xxxxxxxxxxxxx
Your system then attempts to deliver it to "username" locally to tell
him that the message he allegedly sent could not be delivered. This
fails, and the software then detects this is a postmaster message and
instead of bouncing it back to pastry.com, bounces it to the
"postmaster" account locally.
If username verification were done during the SMTP dialogue, then the
message from postmaster@xxxxxxxxxx to username@xxxxxxxxxxxxx would be
stopped there.
However, you, as system manager, wouldn't know that your domain name is
being used as a fake origin of spam messages.
--------
Second scenario:
You are the target of spam.
System X sends spame from baduser@xxxxxxxxxx to username@xxxxxxxxxxxxx
Your system receives it, accepts it. Then it realises that "username" is
not valid, so it generates a bounce to "baduser@xxxxxxxxxx". When
pastry.com accepts the TCPIP connection, it issues a 550 "user not
found" right away. So TCPIP Services then immediadly hard fails the
message and tries to send a bounce of the bounce back to username.
However this fails and the software then sends that second bounce back
to the postmaster alias (which should be forwarded to a VMSmail address).
In these cases, immediatly refusing messages to invalid users (with the
patch at 5.4 or 5.5) solves that problem.
This is not ideal, since this would also reject stuff where the sender
had just mistyped a real email address, i.e. not spam to a non-existent
address. Would a real person sending email see the "not deliverable"
message?
Yes, except that message would be issued by his local SMTP server, not
you.
.
- References:
- TCPIP$SMTP_POSTMASTER_ALIAS
- From: Phillip Helbig---remove CLOTHES to reply
- Re: TCPIP$SMTP_POSTMASTER_ALIAS
- From: JF Mezei
- Re: TCPIP$SMTP_POSTMASTER_ALIAS
- From: Phillip Helbig---remove CLOTHES to reply
- TCPIP$SMTP_POSTMASTER_ALIAS
- Prev by Date: Re: how to stop the VPM server
- Next by Date: Re: how to stop the VPM server
- Previous by thread: Re: TCPIP$SMTP_POSTMASTER_ALIAS
- Next by thread: Re: TCPIP$SMTP_POSTMASTER_ALIAS
- Index(es):
Relevant Pages
|
