Re: Barracuda Networks Spam Firewall

[jlewis () lewis org]

On Mon, 17 May 2004, Jared B. Reimer wrote:

> > We had this problem when our inbound-smtp server ( the server the
> > barracuda is dumping mail to) was accepting all RCPT TOs:   As a result
> > dictionary attacks were getting through and creating 'unique recipients'
> > on the Barracuda.   As soon as I fixed my mail server to reject with a 220
> > error on bogus RCPT TOs  the problem cleared up.
>
> This is a pretty serious flaw IMHO, if it is (in fact) true.  qmail isn't
> the only mailer that behaves this way.  It looks like they may have tried
> to kludge their way around this with LDAP in the case of MS Exchange, which
> also does asynchronous bouncing of undeliverable mail IIRC.

The fault here is with qmail.  The barracuda was doing exactly what it was
designed to do.  qmail can be patched to be smarter (google for qmail
spamcontrol or magic smtpd).  Accept all, then try to bounce, is a recipe
for disaster with today's dictionary attackers and virii that will send to
randomly created destinations from randomly created forged froms.

----------------------------------------------------------------------
 Jon Lewis *jlewis () lewis org*|  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________