Loading ...
Sorry, an error occurred while loading the content.

Re: Rejecting Invaliud Users - Useful Resource pointers?

Expand Messages
  • Terry Allen
    ... Hi again, Thanks to those who replied to the question above - I don t know why anyone would ever set their server up to run receiving non-existent
    Message 1 of 7 , Jun 1, 2007
    • 0 Attachment
      >mouss wrote:
      >>Terry Allen wrote:
      >>>Hi again,
      >>> Our server is set for all domains to reject invalid users & I
      >>>understand why rejecting non-existent users is correct - however,
      >>>I am trying to demonstrate to a client why they should set their
      >>>Exchange server up to reject non-existent users - can anyone point
      >>>me towards an easy to understand resource I can show this client
      >>>why they should reject non-existent addresses.
      >>> The reason they are accepting invalid addresses is in case
      >>>someone makes a mistake sending an email into the server - asking
      >>>for a spam problem in my opinion. Many thanks for any pointers.
      >>
      >>If someone mistypes the address, he will get a bounce, fix the
      >>address and send again. the recipient system should not try to
      >>guess the recipient address. If you send mail to mouss@...,
      >>and mistype it as nouss@..., you don't want the MTA or a
      >>person to deliver the mail to nousse@... (which happens to
      >>exist). practice has shown that guesses get wrong too often and
      >>cause more problems than letting authors fix the issues once for
      >>all (html automatic corrections, implemented in a browser-depende
      >>way, have probably done too much harm than good). but I digress.
      >>anyway, the client can do whatever he wants but he must not send a
      >>bounce unless he can prove that the message was really sent by the
      >>sender. and if he knows of a safe way to do that, then he has a
      >>large market for his solution ;-p
      >>
      >>anyway, here are some links:
      >> http://www.postfix.org/BACKSCATTER_README.html
      >>
      >>http://www.spamresource.com/2007/02/backscatter-what-is-it-how-do-i-stop-it.html
      >> http://secondwheel.googlepages.com/backscatter
      >> http://en.wikipedia.org/wiki/Backscatter#Backscatter_of_email_spam
      >> http://removals.tqmcube.com/index.php?x=&mod_id=2&id=13
      >>
      >>http://www.spamhaus.org/faq/answers.lasso?section=ISP%20Spam%20Issues#109
      >>
      >>and you can get many resources by following the links on spamlinks.net:
      >> http://spamlinks.net/prevent-secure-backscatter.htm
      >
      >
      >Best answer above.
      >Additional information. A company I worked for had this same
      >thinking, however our Exchange was processing ~250k messages per
      >day. We had multiple exchange servers handling the load internally.
      >During a couple spam attacks (and joejobs, and email DOS), our load
      >jumped to >1 million per day. Our systems crashed, the problem was
      >due to the queue build-up of bounces to non-existent senders. I
      >convinced them to do recipient validation AND isntalled a quick
      >postfix system in front. Just recipient validation reduced our
      >valid incoming mail to <100k per day from 250k. We got hit 2 days
      >later, recieved 1.5 million emails, 1 postfix server handled it.
      >Saved us thousands in extra servers and storage that our IT group
      >was planning to install to handle it all.
      >
      >Point being, not doing recipient validation make your system
      >vulnerable to handling MUCH more traffic than needed.
      >
      >john
      Hi again,
      Thanks to those who replied to the question above - I don't
      know why anyone would ever set their server up to run receiving
      non-existent addresses - it causes many more headaches in my opinion
      for all concerned - the sender also thinks they got the address
      correct, so never bothers to set it right.
      I don't know if the backscatter information is actually what
      I need to point him at - for the layman who knows enough to run an
      Exchange server, but not enough to run something better, I'll search
      for something a bit simpler as well.
      --

      Bye for now, Terry Allen
      ___________________________________________________________________
      hEARd

      Postal Address:
      hEARd, 26B Glenning Rd, Glenning Valley, NSW 2261, Australia
      Internet -
      WWW: http://heard.com.au http://itavservices.com
      EMAIL: hmag@...
      Phone: Australia - 02 4388 1400 / International - + 61 2 43881400
      Mobile: Australia - 04 28881400 / International - 61 4 28881400
      -----------------------------------------------
      Non profit promotion for new music - since 1994
      -----------------------------------------------
    • Rod Dorman
      ... There s something I m not understanding, how would the mail addressed to a non-existent address get delivered to the correct user? Was there going to be
      Message 2 of 7 , Jun 1, 2007
      • 0 Attachment
        On Friday, June 1, 2007, 05:30:19, Terry Allen wrote:
        > ...
        > Thanks to those who replied to the question above - I don't
        > know why anyone would ever set their server up to run receiving
        > non-existent addresses - it causes many more headaches in my opinion
        > for all concerned - the sender also thinks they got the address
        > correct, so never bothers to set it right.

        There's something I'm not understanding, how would the mail addressed to
        a non-existent address get delivered to the 'correct' user?

        Was there going to be a human involved figuring it out?

        --
        rodd@... "The avalanche has already started, it is too
        Rod Dorman late for the pebbles to vote." - Ambassador Kosh
      • mouss
        ... In some places, they set a catchall address and have a slave to do the routing... and spam filtering ;-p
        Message 3 of 7 , Jun 1, 2007
        • 0 Attachment
          Rod Dorman wrote:
          > On Friday, June 1, 2007, 05:30:19, Terry Allen wrote:
          >
          >> ...
          >> Thanks to those who replied to the question above - I don't
          >> know why anyone would ever set their server up to run receiving
          >> non-existent addresses - it causes many more headaches in my opinion
          >> for all concerned - the sender also thinks they got the address
          >> correct, so never bothers to set it right.
          >>
          >
          > There's something I'm not understanding, how would the mail addressed to
          > a non-existent address get delivered to the 'correct' user?
          >
          > Was there going to be a human involved figuring it out?
          >
          >

          In some places, they set a catchall address and have a slave to do the
          routing... and spam filtering ;-p
        Your message has been successfully submitted and would be delivered to recipients shortly.