Hugo van der Kooij quotes two different sections of current SMTP RFC in response to my challenge to cite where in the RFC the behavior he described is documented. He does not in fact find any such citation, and instead changes the subject by claiming the _real_ problem is that no incoming MX server should ever accept mail that will eventually bounce. There are many reasons why such configurations are useful. Examples: A. Backup MX servers provided by third parties routinely accept all mail for domains they service for inbound relay. Backup MX is not really interesting until there are brief outages for the primary MX, so in practice the backup servers are not going to have enough information to bounce invalid recipients. B. SMTP-based inbound antivirus scanners and spam scanners such as SpamAssassin in front (SMTP-wise) of a Microsoft Exchange server. Here because the front-end scanner is backend receiving mailer-neutral it is often unaware of which recipient addresses are valid. C. Prevention of trivial probing for valid email addresses. Spammers have a practice of hitting a mailserver with "war-dialed" random recipient addresses using RCPT without ever actually sending mail. This scanning stays below the radar of many administrators, who often do not log a RCPT with no successful DATA/BDAT to complete the transaction. Getting back to the original message of this thread, there is nothing "broken" about the SMTP server behavior observed by the presumptive DoS victim. I welcome evidence from relevant RFCs that contradict me on this point. Regards, Dave Hart ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Feb 19 2003 - 11:47:49 PST