Scott Dudley <scott@sdudley.com> wrote:
> >
> > > [...] one thing that I continue to see that troubles me is qmail-smtp
> > > accepting messages with an empty envelope sender as long as the
> > > recipient is a valid local user:
> >
> > Why does that trouble you? *Every* MTA should do that.
> >
> I'm troubled Charles because these messages are not bounced messages
> originated from this qmail server. Instead, they originate elsewhere
> with the deliberate attempt of exploiting this functionality to SPAM.
You're confused, I think. There's no behaviour to exploit here.
You appear to be describing, instead, the backscatter from a joe-job. That's
where a spammer sends his messages to his victims using a (usually random,
these days) address in your domain. If any of those messages bounce after the
initial SMTP conversation, the victims' MTAs will send those bounce messages
to your server -- as they should.
You still haven't shown any indication of a problem. Everything appears to be
working the way it's supposed to (and has to). If you don't like it, you
probably should take the advice others have given and completely block port 25
at your firewall.
Charles
--
--------------------------------------------------------------------------
Charles Cazabon <qmail@discworld.dyndns.org>
Read http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html
My services include qmail consulting. See http://pyropus.ca/ for details.
--------------------------------------------------------------------------
|