Re: [edlug] Strange mail relaying DOS.

[Steve Kemp <edlug@xxx.xxx.xxx>]

On Fri, Apr 16, 2004 at 08:31:25PM +0100, Subhi S Hashwa wrote:

> Qmail has the silly idea of accepting mail then bouncing it out
> including domain literals blah@[ip.ip.ip.ip], a proper qmail setup
> will accept the % hack but wont relay it. so you're ok in that
> respect.

  It was qmail yes, although it will be replaced with lotus notes
 shortly..
 
> my mail queue is full of virus bounces thats one of the reasons i am
> shifting everything to exim 4 it will reject mail at smtp if its a
> bogus bounce/virus/whatever.

  I'm running clamav, and spammassin, for that purpose, but it doesnt
 reject at SMTP which is something that I couldn't ever get to work with
 qmail.

  Anyway the panic is now over, I replaced /var/qmail/bin/qmail-remote
 with a small wrapper script to log all mail delivery attempts and drop 
 the ones using IP address based delivery.  After a few hours the queue
 was clear and no more bounces.

Steve
--
# Debian Security Audit Project
http://www.shellcode.org/Audit/
-
----------------------------------------------------------------------
You can find the EdLUG mailing list FAQ list at:
http://www.edlug.org.uk/list_faq.html