Security Incidents mailing list archives

RE: Distributed spam-based DoS in progress

From: "Dave Hart" <davehart () davehart com>
Date: Tue, 18 Feb 2003 19:28:30 -0000

From: Hugo van der Kooij [mailto:hvdkooij () vanderkooij org] 
Sent: Tuesday 18 February 2003 06:48

[...]

If a message is undeliverable it will be bounced BUT if the 
bounce message 
can not be delivered it will be discarded immediatly to 
prevent double 
bounce loops.

See also RFC 2821 section 4.5.5


Would you care to cite where it's said that NDRs and other MAIL FROM:<>
messages must be discarded immediately if the first delivery attempt
fails?  The various mailers I have used continue to retry transmission
until configured timeouts, as with any other outbound message.  When the
mail is an NDR being sent to a bogus domain (such as in response to spam
with a forged sender email), it does clog up the queue for that timeout
period.

Regards,
Dave Hart

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Current thread:

Distributed spam-based DoS in progress Transistor Sister (Feb 17)
- Re: Distributed spam-based DoS in progress Hugo van der Kooij (Feb 18)
  - Re: Distributed spam-based DoS in progress Valdis . Kletnieks (Feb 18)
- Re: Distributed spam-based DoS in progress Kee Hinckley (Feb 19)
  - Re: Distributed spam-based DoS in progress Transistor Sister (Feb 19)
    - Re: Distributed spam-based DoS in progress Rohan Amin (Feb 20)
  - RE: Distributed spam-based DoS in progress Steve Drees (Feb 19)
- <Possible follow-ups>
- RE: Distributed spam-based DoS in progress Dave Hart (Feb 18)
  - RE: Distributed spam-based DoS in progress Hugo van der Kooij (Feb 19)
- RE: Distributed spam-based DoS in progress Dave Hart (Feb 19)