[Sidewinder] Sendmail bounces to 127.0.0.1 - recommendations?

Sidewinder moderated discussion list sidewinder at adeptech.com
Tue Sep 25 04:56:59 EDT 2007


Hi, all!

In most installations of our customer base the Sidewinder
uses dual split SMTP servers to deliver incoming mail
to some internal server (MS Exchange, ... whatever).

If a spammer runs a "dictionary attack" mailing to every
imaginable address within the customer's mail domain, this
leads to a lot of bounce messages.

Most of the time the spammer's sender address is invalid,
leading to a double bounce which can safely be dropped.

But some of those guys are overly clever, using a sender
domain with a primary MX resolving to 127.0.0.1.

This leads to Sendmail connecting to the Firewall burb
over and over again and generating lots of completely
useless audit records.

Any recommendation on how to simply route these particular
messages to /dev/null?

Thanks,

Patrick M. Hausen
Head of Networks and Security
-- 
punkt.de GmbH * Vorholzstr. 25 * 76137 Karlsruhe
Tel. 0721 9109 0 * Fax 0721 9109 100
info at punkt.de       http://www.punkt.de
Gf: Jürgen Egeling      AG Mannheim 108285
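
The check the question implies, as an added example that is not part of the original post and not Sidewinder or Sendmail configuration: before a bounce is queued, decide whether the sender domain's primary MX resolves to a loopback address (127.0.0.0/8 or ::1, a slight generalization of the 127.0.0.1 case above). The DNS tables, domain names and function names are constructed for illustration; a real deployment would replace the two dictionaries with resolver lookups.

```python
import ipaddress

# Constructed sample DNS data (assumption, not from the original post).
# Sender domain -> list of (preference, MX host)
MX_RECORDS = {
    "example.org": [(10, "mail.example.org")],
    "spam.example": [(5, "mx.spam.example"), (20, "backup.spam.example")],
    "nomx.example": [],  # no MX: SMTP falls back to the domain's own address
}
# Host -> address records
A_RECORDS = {
    "mail.example.org": ["192.0.2.25"],
    "mx.spam.example": ["127.0.0.1"],
    "backup.spam.example": ["198.51.100.7"],
    "nomx.example": ["127.0.0.2"],
}

def primary_mx_hosts(domain):
    """Return the most-preferred MX hosts, or the domain itself (implicit MX)."""
    records = MX_RECORDS.get(domain, [])
    if not records:
        return [domain]
    best = min(pref for pref, _ in records)
    return [host for pref, host in records if pref == best]

def bounce_would_loop(sender):
    """True if a bounce to this sender would be delivered to a loopback address."""
    domain = sender.rsplit("@", 1)[-1].lower()
    for host in primary_mx_hosts(domain):
        for address in A_RECORDS.get(host, []):
            if ipaddress.ip_address(address).is_loopback:
                return True
    return False

def split_bounces(senders):
    """Partition envelope senders into (deliver, discard) lists."""
    deliver, discard = [], []
    for sender in senders:
        (discard if bounce_would_loop(sender) else deliver).append(sender)
    return deliver, discard

if __name__ == "__main__":
    sample = ["alice@example.org", "x@spam.example", "y@NoMX.example"]
    print(split_bounces(sample))
```

Only the primary MX is examined because that is the host the mailer tries first; a valid backup MX does not stop the repeated connection attempts to the local burb.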

