To bounce or not to bounce?

Forum Moderators: bakedjake

Message Too Old, No Replies

To bounce or not to bounce?

That is the question of spam...

BwanaZulia

7:56 pm on Feb 26, 2005 (gmt 0)

Our server gets pounded daily with thousands of dictionary type spams (bob@domain.com, bobette@domain.com, bobena@domain.com, etc, none of which exist).

The question is, should we bounce those messages at all or just delete them as obviously the ones that are not bounced are a clear indication that the email address is valid.

Thoughts?

Opinions?

PatrickDeese

8:08 pm on Feb 26, 2005 (gmt 0)

I personally blackhole all that stuff because bouncing it causes avalanches of "bounce spam" to innocent site owners who's domain was selected for the forged "sender" headers.

BwanaZulia

8:28 pm on Feb 26, 2005 (gmt 0)

I guess my concern would be that legitimate bounces (real people, sending real email with real bad addresses) would also get thrown in the black hole.

wheel

1:14 pm on Feb 27, 2005 (gmt 0)

I'm speaking out my left ear here so take it for what it's worth. In my server config, we only allow connections from valid userids. If it's not in the list, the connection isn't allowed. That's better than a bounce and better than accepting the emails and blackholing them.

(that's what I understand is happening from what I can see in the server logs).

BwanaZulia

3:27 pm on Feb 27, 2005 (gmt 0)

Allowing connections is for sending/retrieving emails, but obviously in order to receive emails from the internet it is not based on authenticated users.

We just implemented the SMTP check to make sure any incoming mail was going to a valid mailbox before going through any other process (mail queue, spam assassin, etc). This has really kept the amount of traffic down.

We are bouncing those emails, and that was the original question, now just how to not bounce them.

EVOrange

3:58 pm on Feb 27, 2005 (gmt 0)

I had the same problem because i had my email server set with a 'catchall' email, i.e. anything@mydomain.com

I closed the catchall and only accept emails to legitimate emails addresses

EVO

py9jmas

4:13 pm on Feb 27, 2005 (gmt 0)

We are bouncing those emails, and that was the original question, now just how to not bounce them.

Are you bouncing them? Or just refusing to accept them in the first place? Your server should only generate bounces for messages it has accepted, and is then unable to deliever (mailbox doesn't exist, etc). If it didn't accept the message in the first place (ie refused at the MAIL TO/RCPT FROM stage of the SMTP transaction), the message is the responsibility of the mailserver that tried to give the mail to you. If that server generates a bounce or not is not your problem.

BwanaZulia

4:21 pm on Feb 27, 2005 (gmt 0)

We are bouncing them based on the "Mailbox does not exist".

They are valid domains, just not valid mailboxes. I would like to configure it to NOT bounce them as it does create a lot of traffic, we are talking thousands a day.

py9jmas

4:36 pm on Feb 27, 2005 (gmt 0)

What you should do is configure your server not to accept mail to non-existent mailboxes in the first place.

In the SMTP transaction, the sender server issues a

MAIL FROM: <bob@example.com>

command and a

RCPT TO: <fred@example.net>

command. At this point, your server can check to see if fred@example.net is a local mailbox and if it exists. If it doesn't, it returns the appropriate error message and drops the connection. No bounces are needed on your part, and the message itself is never transmitted so doesn't use your bandwidth.

If your mailserver blindly accepts the TO/FROM addresses, the message is then transmitted, and your server accepts responsibility for it.

How you configure this depends on your mail server.