Re: Email Spam a bit of Hell

This WebDNA talk-list message is from

2004


It keeps the original formatting.
numero = 57884
interpreted = N
texte = On 5/17/04 2:15 PM, "Sal" wrote: > I noticed on my email server I can disable failed notification receipts. > That should help I would think. You would think... But the email servers still make and hold the connection to determine the validity of the address which is often limited as each 'thread' is using a particular amount of memory. The real issue wasn't that the failed messages were getting delivered. In fact originally they werent. I had to enable them to find out what they were. Its just that each connection to verify the account ID would take a few seconds... And a mail server getting hit by hundreds of thousands of those connections (with only so many open slots) becomes pretty much useless to legitimate email. The only way I discovered this was because Page Sentry was setup to monitor POP availability as well as server availability. Yeah Maxum!!!! And Dylan wrote: > Alex, we just had a similar even about 2 weeks ago. > We use SIMS and there are some vulnerabilities that we discovered. We > had to close down ALL client ip's.. meaning any machine that used or > mail server to forward mail had to be redirected to a different > outgoing SMTP, and then we had to eliminate all the IP's from the list > of computers which were allowed forwarding access to our mail server. > Once that was done, things slowly improved. Yep we stopped all outside IP addresses from being able to SMTP mail through our server long ago. I know with SIMS that you can use a "get first, send second system which works well for outgoing SMTP connections.... BUT none of this actually has to do with the basic functionality of your mail server BEING ABLE to receive email from other mail servers (incoming SMTP) for the legitimate accounts on your mail server. That's where this comes in. It was just a real eye opener to realize that each and everyone is vulnerable to be subjected to countless 'bounceback' emails generated from a spammer. I suppose I never thought of it before and have my fingers crossed that this is just one of those freak things. Because essentially there is nothing stopping a spam company/entrepreneur from setting the replyto addy in their next campaign to a different domain of ours, or yours or anyone. Its funny how you look at something and go... Holy cow... Look how simple that is to do that.... Anyway.. Thanks guys... I think some are getting tired of the OT subject. Didn't mean to drag you all into my little slice of heaven today. I just thought that some of you might have had this happen (as it appears Clint did) and hope it never has to help everyone else because its nasty. Deep cleansing breaths. ;-) Alex Alex J McCombie New World Media Chief Information Officer Box 124 888/892.6379 MartVille, NY 13111 Alex@NewWorldMedia.com http://OurClients.com Interface Designer WebDNA Programmer Database Designer ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: Email Spam a bit of Hell ( Donovan Brooke 2004)
  2. Re: Email Spam a bit of Hell ( Alex McCombie 2004)
  3. Re: Email Spam a bit of Hell ( Donovan Brooke 2004)
  4. Re: Email Spam a bit of Hell ( Alex McCombie 2004)
  5. Re: Email Spam a bit of Hell ( Dylan Wood 2004)
  6. Re: Email Spam a bit of Hell ( "Sal" 2004)
  7. Re: Email Spam a bit of Hell ( Alex McCombie 2004)
  8. Re: Email Spam a bit of Hell ( Phil Herring 2004)
  9. Re: Email Spam a bit of Hell ( Alex McCombie 2004)
  10. Re: Email Spam a bit of Hell ( Alex McCombie 2004)
  11. Re: Email Spam a bit of Hell ( "Sal" 2004)
  12. Re: Email Spam a bit of Hell ( Alex McCombie 2004)
  13. Re: Email Spam a bit of Hell ( "Sal" 2004)
  14. Re: OT: Email Spam a bit of Hell ( Clint Davis 2004)
  15. OT: Email Spam a bit of Hell ( Alex McCombie 2004)
On 5/17/04 2:15 PM, "Sal" wrote: > I noticed on my email server I can disable failed notification receipts. > That should help I would think. You would think... But the email servers still make and hold the connection to determine the validity of the address which is often limited as each 'thread' is using a particular amount of memory. The real issue wasn't that the failed messages were getting delivered. In fact originally they werent. I had to enable them to find out what they were. Its just that each connection to verify the account ID would take a few seconds... And a mail server getting hit by hundreds of thousands of those connections (with only so many open slots) becomes pretty much useless to legitimate email. The only way I discovered this was because Page Sentry was setup to monitor POP availability as well as server availability. Yeah Maxum!!!! And Dylan wrote: > Alex, we just had a similar even about 2 weeks ago. > We use SIMS and there are some vulnerabilities that we discovered. We > had to close down ALL client ip's.. meaning any machine that used or > mail server to forward mail had to be redirected to a different > outgoing SMTP, and then we had to eliminate all the IP's from the list > of computers which were allowed forwarding access to our mail server. > Once that was done, things slowly improved. Yep we stopped all outside IP addresses from being able to SMTP mail through our server long ago. I know with SIMS that you can use a "get first, send second system which works well for outgoing SMTP connections.... BUT none of this actually has to do with the basic functionality of your mail server BEING ABLE to receive email from other mail servers (incoming SMTP) for the legitimate accounts on your mail server. That's where this comes in. It was just a real eye opener to realize that each and everyone is vulnerable to be subjected to countless 'bounceback' emails generated from a spammer. I suppose I never thought of it before and have my fingers crossed that this is just one of those freak things. Because essentially there is nothing stopping a spam company/entrepreneur from setting the replyto addy in their next campaign to a different domain of ours, or yours or anyone. Its funny how you look at something and go... Holy cow... Look how simple that is to do that.... Anyway.. Thanks guys... I think some are getting tired of the OT subject. Didn't mean to drag you all into my little slice of heaven today. I just thought that some of you might have had this happen (as it appears Clint did) and hope it never has to help everyone else because its nasty. Deep cleansing breaths. ;-) Alex Alex J McCombie New World Media Chief Information Officer Box 124 888/892.6379 MartVille, NY 13111 Alex@NewWorldMedia.com http://OurClients.com Interface Designer WebDNA Programmer Database Designer ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Alex McCombie

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Protect tag for large groups? (1999) Cancel Subscription (1996) Webcatalog and IIS4b2 (1997) WebCat2b12plugin - [search] is broken ... not! (1997) Summing fields (1997) Formatting a .txt file (1998) Why WebDNA is not popular (2002) Referrer field to header field conversion (1997) date pref (1999) [ShowNext] (1997) ODBC problems between webcatalog and filemaker pro (2001) Webcat no longer supported? (2006) [LOOKUP] (1997) autosensing lanague selection (1997) [SQL] & ODBC on Mac - Reposted (2000) Re:2nd WebCatalog2 Feature Request (1996) Summarising on two fields (1998) showif and cart (1997) RequiredFields template (1997) [ListFiles] context & alias (1997)