Re: email address probes

From: james (jameshat_private)
Date: Thu Feb 06 2003 - 09:49:09 PST

    We drop all the mail that comes in to "not found" addresses to a black hole, 
    via the virtusers db in /etc/mail:
    
    @whatever.com      blackhole
    
    At present the blackhole is a file, but it could also be /dev/null.
    
    james
    
    
    > > I'd like to be able to stop these attempts, but I can't think of a way
    > > to do it.  All of the attempts are coming from valid servers from some
    > > domains that we can't block.  They do all have null reverse-paths
    > > (MAIL FROM:<>), but I don't think that we can reject on this criterion
    > > as null reverse-paths are used to send NDRs and other notifications
    > > which we don't want to block.  I suppose that we could accept the
    > > emails and dump them to /dev/null (or to some tarpit account so that
    > > we can inspect them) instead of replying with a "550 User unknown,"
    > > but I suspect that this could cause us more headaches in the future.
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
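
One way to measure the probing described in the quoted message while the server still answers "550 User unknown", added here as an example and not part of the original thread: it groups rejected recipients by relay for sessions with a null reverse-path. The log lines are constructed in sendmail's syslog style, and the names `find_probes` and `threshold` are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in sendmail syslog style; hosts and queue IDs are made up.
SAMPLE_LOG = """\
Feb  6 09:12:01 mx sendmail[1201]: h16HC1a01201: <alice1@whatever.com>... User unknown
Feb  6 09:12:01 mx sendmail[1201]: h16HC1a01201: <bsmith@whatever.com>... User unknown
Feb  6 09:12:02 mx sendmail[1201]: h16HC1a01201: from=<>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=mail.example.net [192.0.2.10]
Feb  6 09:14:40 mx sendmail[1215]: h16HEea01215: <cjones@whatever.com>... User unknown
Feb  6 09:14:40 mx sendmail[1215]: h16HEea01215: <dlee@whatever.com>... User unknown
Feb  6 09:14:41 mx sendmail[1215]: h16HEea01215: from=<>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=mail.example.net [192.0.2.10]
Feb  6 09:20:05 mx sendmail[1230]: h16HK5a01230: <oldstaff@whatever.com>... User unknown
Feb  6 09:20:06 mx sendmail[1230]: h16HK5a01230: from=<>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=mx.example.org [198.51.100.7]
Feb  6 09:31:17 mx sendmail[1244]: h16HVHa01244: <x1@whatever.com>... User unknown
Feb  6 09:31:17 mx sendmail[1244]: h16HVHa01244: <x2@whatever.com>... User unknown
Feb  6 09:31:17 mx sendmail[1244]: h16HVHa01244: <x3@whatever.com>... User unknown
Feb  6 09:31:18 mx sendmail[1244]: h16HVHa01244: from=<news@example.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=bulk.example.com [203.0.113.5]
"""

QID = r"sendmail\[\d+\]: (?P<qid>\w+): "
UNKNOWN_RE = re.compile(QID + r"<(?P<rcpt>[^>]+)>\.\.\. User unknown")
FROM_RE = re.compile(QID + r"from=(?P<sender><[^>]*>),.*\brelay=(?P<relay>.+)$")

def find_probes(log_text, threshold=3):
    """Return {relay: [rejected addresses]} for null-sender sessions."""
    unknown = defaultdict(set)   # queue ID -> recipients rejected as unknown
    sessions = {}                # queue ID -> (envelope sender, relay)
    for line in log_text.splitlines():
        m = UNKNOWN_RE.search(line)
        if m:
            unknown[m["qid"]].add(m["rcpt"].lower())
            continue
        m = FROM_RE.search(line)
        if m:
            sessions[m["qid"]] = (m["sender"], m["relay"].strip())
    per_relay = defaultdict(set)
    for qid, rcpts in unknown.items():
        sender, relay = sessions.get(qid, (None, None))
        if sender == "<>":       # only the null reverse-path case from the thread
            per_relay[relay] |= rcpts
    # A single stale address is normal for a real NDR; many distinct ones is not.
    return {r: sorted(a) for r, a in per_relay.items() if len(a) >= threshold}

if __name__ == "__main__":
    for relay, addrs in find_probes(SAMPLE_LOG).items():
        print(f"{relay}: {len(addrs)} unknown recipients via <>: {', '.join(addrs)}")
```

Once unknown addresses are routed to a blackhole through the virtusers db, the server no longer logs "User unknown" for them, so this tally has to be taken before that change or from the blackhole file itself.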
    



    This archive was generated by hypermail 2b30 : Thu Feb 06 2003 - 13:47:11 PST