Security Incidents mailing list archives
Workaround for (RE: Run a mail host with a public MX record? Seeing large numbers of bounces?)
From: "Andrew van der Stock" <ajv () e-secure com au>
Date: Mon, 17 Sep 2001 09:46:51 +1000
From discussions with various people, I think the best workarounds for this
problem might be: * if the errors-to: field has > 1 recipient, it's very likely to be spam. Do not process it - log and drop it * if your MTA just adds a few lines to the top of the NDR or encapsulates the message entirely before sending it to errors-to:, you need to find a way to remove the original message This is the bit that will make mail list administration that much harder: * if you are the postmaster or (even better) the MTA configurator for your platform, consider turning errors-to: processing off by default MTAs probably not vulnerable by default: Postfix (pretty much all versions) Sendmail (at least) >= 8.9.3 has errors-to: processing turned off by default in the ISC distribution. Vendor Unixes, Linux distro's, *BSD configurations = unknown at this time Exchange 5.5/2000, to a limited degree. Exchange 5.5 and 2000 will encapsulate the original mail in the NDR. In addition, Exchange 2000 adds a delivery read receipt header as well. This could be used as a rather lame method of DDoS as one SMTP exchange will generate at least two resultant SMTP exchanges. Andrew ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Run a mail host with a public MX record? Seeing large numbers of bounces? Andrew van der Stock (Sep 13)
- Re: Run a mail host with a public MX record? Seeing large numbers of bounces? Richie B . (Sep 14)
- Re: Run a mail host with a public MX record? Seeing large numbers of bounces? Sean Hunter (Sep 14)
- Re: Run a mail host with a public MX record? Seeing large numbers of bounces? Sean Hunter (Sep 15)
- Workaround for (RE: Run a mail host with a public MX record? Seeing large numbers of bounces?) Andrew van der Stock (Sep 16)
- Re: Run a mail host with a public MX record? Seeing large numbers of bounces? Sean Hunter (Sep 15)