[vox-tech] Why change default ssh port?

Rick Moen rick at linuxmafia.com
Mon Jun 19 12:12:54 PDT 2006


Quoting Bill Kendrick (nbs at sonic.net):

[Backscatter spam and "antivirus warnings" as secondary results from
Microsoft malware:]

> I have a whole stack of .procmail rules to chuck mail daemon bounces
> regarding this crap to /dev/null.
> 
> (e.g., something found my address, and someone else's address on the 'net.
> It began sending viruses/spam to that other person, using my address as
> a forged 'To'.  When the mail bounces due to the address being gone,
> the mailbox being over quota, or the user blocking mail from me, _I_
> get them.  Total PITA.)

Not that it's much help for users having to suffer such garbage, but
this is one of the sins I try hard to avoid committing as an SMTP daemon
(MTA = Mail Transfer Agent) operator:  I issue reject messages (DSNs)
only during the ongoing SMTP delivery attempt, and thus state my
system's non-acceptance directly to the IP address trying to drop off
the mail.  By contrast, the old-school method was to accept the mail,
only then evaluate its acceptability, and send back a reject e-mail
(a "bounce message" encapsulating the 55x DSN) to the claimed, apparent
sender.  Which of course means you're generating backscatter spam when
the sender was forged, and makes you part of the problem.  I try not to
be part of the problem.  ;->

A vocal minority (such as the aforementioned Jeff Waugh) allege that
_even_ issuing 55x DSNs is being part of the problem, since the
delivering MTA might choose to do something harmful with the error
message, like send it to a forged sender address, and that such misdeeds
are then somehow my fault.  (A brief debate on this point occurred in
the linux-elitists thread Pete referred to.)

Additionally, my domain publishes SPF records in its DNS, which provides
a means for receiving MTAs to detect and reject forgeries of my domain.
(My SPF reference record identifies which IPs are allowed to send mail 
for my domain.  Any receiving MTA can vet arriving mail against that
information, and reject forged mail from other, unauthorised IPs.)


