lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed Jun  7 17:01:57 2006
From: michael.holstein at csuohio.edu (Michael Holstein)
Subject: Strange Emails -- What are they?

> When you try and send email to a non-existant address, the receiving server
> rejects during the smtp transaction so a return address is not needed since
> the sending bot gets this error message before the transaction is completed.

Depends on the MTA and how it's configured. Some will silently accept 
(and then either drop or later bounce) messages for a nonexistent address.

In the current scheme though, the bounces would be worthless since the 
return path is invalid. Note that intentionally *not* delivering bounces 
for bogus addresses violates the RFC, but a lot of sites do it anyway.

Most MTAs allow you to configure some sort of "DHA protection", or 
"tarpitting" .. meaning they'll limit the number of 
connections/recipients from any given host to (x con) per (y time). I'd 
go this route before you try greylisting (greylists are a PITA for 
endusers).

~Mike.

Powered by blists - more mailing lists