|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Barracuda Networks Spam Firewall
On Mon, 17 May 2004, Jared B. Reimer wrote: > >We had this problem when our inbound-smtp server ( the server the > >barracuda is dumping mail to) was accepting all RCPT TOs: As a result > >dictionary attacks were getting through and creating 'unique recipients' > >on the Barracuda. As soon as I fixed my mail server to reject with a 220 > >error on bogus RCPT TOs the problem cleared up. > > This is a pretty serious flaw IMHO, if it is (in fact) true. qmail isn't > the only mailer that behaves this way. It looks like they may have tried > to kludge their way around this with LDAP in the case of MS Exchange, which > also does asynchronous bouncing of undeliverable mail IIRC. The fault here is with qmail. The barracuda was doing exactly what it was designed to do. qmail can be patched to be smarter (google for qmail spamcontrol or magic smtpd). Accept all, then try to bounce, is a recipe for disaster with today's dictionary attackers and virii that will send to randomly created destinations from randomly created forged froms. ---------------------------------------------------------------------- Jon Lewis *[email protected]*| I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
|