[GRLUG] Sendmail as secondary (backup) MX
Collin
adderd at kkmfg.com
Tue Oct 31 11:31:32 EST 2006
One thing that I do not like about doing things the correct way is that
your mail server can be used to DOS attack someone's email inbox. All
someone has to do is pretend to send email from an address to an invalid
address. Do that thousands of times and the supposed sender's inbox
fills up. You can limit the number of bounces, etc per second but still
the mechanism is prone to abuse.
Olding, Jim wrote:
> You could add a catch-all address in sendmail's virtusertable file, and
> then set up a cron job to delete that user's mail file.
>
> The downside of this is that anyone sending mail to that domain will
> never receive a bounce message, even if they legitimately mistyped an
> email address.
>
> This also completely violates RFC 2821, which requires bounce messages
> to be sent if your system accepts mail for delivery and later finds that
> the address is invalid.
>
More information about the grlug
mailing list