North American Network Operators Group


Re: SMTP in distributed DOS

  • From: Adam McKenna
  • Date: Sun Feb 20 15:59:56 2000

On Sun, Feb 20, 2000 at 03:41:06PM -0500, [email protected] wrote:
> 
> On Sun, 20 Feb 2000 11:59:42 PST, I Am Not An Isp <[email protected]>  said:
> > This is the problem - a mail server stupid enough to send a bounce to an 
> > unverified host name, instead of the connecting IP address.
> 
> Stupid or not, that's required by the RFCs.  Take a look at this mail,
> the original From: points at 'vt.edu', which is MX'ed to mail.vt.edu.
> However, that's NOT the address that the NANOG mailing list is receiving
> this mail from.
> 
> For that matter, did the mail from 'ianai.net' arrive at the NANOG mailing
> list *from* ianai.net? I see this in the headers:
> 
> Received: from pgilmore (PIX46.pgexch.com [208.217.23.46])  by pyrite.eod.onyx.net (8.9.3/8.9.3)
> 
> Hmm.. Must be spam we should have rejected, since there's a case to be made
> that you shouldn't accept mail you can't send a bounce message back to, and
> your mail obviously came from an unverified IP address...

MTAs don't send bounces to host names in Received: headers, they send
bounces to RFC 822 envelope sender addresses.  (At least, that's what they're
SUPPOSED to do.)

Some MTAs will barf when given a bogus MAIL FROM ("Sender domain must
resolve") but some will not.  The server that is getting deluged by bounces
is most likely getting them because the senders are using that domain in the
envelope sender, not because of the fake insertion into the Received:
headers.

--Adam