lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
From: koen4security at (Koen)
Subject: Block notification / bounce mails (as in DDOS)

Niek Baakman wrote:
>> <question>
>> What would you do when a spammer uses your mail-address as the "From:" 
>> and the mails that are sent by the spammer get all bounced back by 
>> legitimated mail-servers to your mailhandlers? All the bounces would 
>> return to you - as you are the 'from' (assume a rate of 1.000 a 
>> minute) and this traffic would kill your network-connection. You 
>> wouldn't be able to receive any mail because your mailserver can no 
>> longer handle the load
>> </question>
> - Apply filters on your mailserver.
These filters will not react because my mailserver 'is' already dead.
> - If it doesn't harm other employees: temp. change the mx record.
How would changing my mx-records affect the outcome?
When the first mailhandler can't handle the load, mail will be picked up by 
the 'backup-mailserver'..but this would in effect only cascade to the other 
(backup)mailservers and as a result they would eventually also dye. I think 
this is only a solution if I can add serveral (and I mean lots of) 
backupmailservers so that the load is spread. I think this is not really an 

Thanks for the reponse.

Powered by blists - more mailing lists