Re: Email Spam a bit of Hell
This WebDNA talk-list message is from 2004
It keeps the original formatting.
numero = 57884
interpreted = N
texte = On 5/17/04 2:15 PM, "Sal"
wrote:> I noticed on my email server I can disable failed notification receipts.> That should help I would think.You would think... But the email servers still make and hold the connectionto determine the validity of the address which is often limited as each'thread' is using a particular amount of memory.The real issue wasn't that the failed messages were getting delivered. Infact originally they werent. I had to enable them to find out what theywere. Its just that each connection to verify the account ID would take afew seconds... And a mail server getting hit by hundreds of thousands ofthose connections (with only so many open slots) becomes pretty much uselessto legitimate email.The only way I discovered this was because Page Sentry was setup to monitorPOP availability as well as server availability. Yeah Maxum!!!!And Dylan wrote:> Alex, we just had a similar even about 2 weeks ago.> We use SIMS and there are some vulnerabilities that we discovered. We> had to close down ALL client ip's.. meaning any machine that used or> mail server to forward mail had to be redirected to a different> outgoing SMTP, and then we had to eliminate all the IP's from the list> of computers which were allowed forwarding access to our mail server.> Once that was done, things slowly improved.Yep we stopped all outside IP addresses from being able to SMTP mail throughour server long ago. I know with SIMS that you can use a "get first, sendsecond system which works well for outgoing SMTP connections....BUT none of this actually has to do with the basic functionality of yourmail server BEING ABLE to receive email from other mail servers (incomingSMTP) for the legitimate accounts on your mail server. That's where thiscomes in.It was just a real eye opener to realize that each and everyone isvulnerable to be subjected to countless 'bounceback' emails generated from aspammer. I suppose I never thought of it before and have my fingers crossedthat this is just one of those freak things. Because essentially there isnothing stopping a spam company/entrepreneur from setting the replyto addyin their next campaign to a different domain of ours, or yours or anyone.Its funny how you look at something and go... Holy cow... Look how simplethat is to do that....Anyway.. Thanks guys... I think some are getting tired of the OT subject.Didn't mean to drag you all into my little slice of heaven today. I justthought that some of you might have had this happen (as it appears Clintdid) and hope it never has to help everyone else because its nasty.Deep cleansing breaths.;-)AlexAlex J McCombie New World MediaChief Information Officer Box 124888/892.6379 MartVille, NY 13111Alex@NewWorldMedia.com http://OurClients.comInterface Designer WebDNA Programmer Database Designer-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
Associated Messages, from the most recent to the oldest:
On 5/17/04 2:15 PM, "Sal" wrote:> I noticed on my email server I can disable failed notification receipts.> That should help I would think.You would think... But the email servers still make and hold the connectionto determine the validity of the address which is often limited as each'thread' is using a particular amount of memory.The real issue wasn't that the failed messages were getting delivered. Infact originally they werent. I had to enable them to find out what theywere. Its just that each connection to verify the account ID would take afew seconds... And a mail server getting hit by hundreds of thousands ofthose connections (with only so many open slots) becomes pretty much uselessto legitimate email.The only way I discovered this was because Page Sentry was setup to monitorPOP availability as well as server availability. Yeah Maxum!!!!And Dylan wrote:> Alex, we just had a similar even about 2 weeks ago.> We use SIMS and there are some vulnerabilities that we discovered. We> had to close down ALL client ip's.. meaning any machine that used or> mail server to forward mail had to be redirected to a different> outgoing SMTP, and then we had to eliminate all the IP's from the list> of computers which were allowed forwarding access to our mail server.> Once that was done, things slowly improved.Yep we stopped all outside IP addresses from being able to SMTP mail throughour server long ago. I know with SIMS that you can use a "get first, sendsecond system which works well for outgoing SMTP connections....BUT none of this actually has to do with the basic functionality of yourmail server BEING ABLE to receive email from other mail servers (incomingSMTP) for the legitimate accounts on your mail server. That's where thiscomes in.It was just a real eye opener to realize that each and everyone isvulnerable to be subjected to countless 'bounceback' emails generated from aspammer. I suppose I never thought of it before and have my fingers crossedthat this is just one of those freak things. Because essentially there isnothing stopping a spam company/entrepreneur from setting the replyto addyin their next campaign to a different domain of ours, or yours or anyone.Its funny how you look at something and go... Holy cow... Look how simplethat is to do that....Anyway.. Thanks guys... I think some are getting tired of the OT subject.Didn't mean to drag you all into my little slice of heaven today. I justthought that some of you might have had this happen (as it appears Clintdid) and hope it never has to help everyone else because its nasty.Deep cleansing breaths.;-)AlexAlex J McCombie New World MediaChief Information Officer Box 124888/892.6379 MartVille, NY 13111Alex@NewWorldMedia.com http://OurClients.comInterface Designer WebDNA Programmer Database Designer-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
Alex McCombie
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
Protect tag for large groups? (1999)
Cancel Subscription (1996)
Webcatalog and IIS4b2 (1997)
WebCat2b12plugin - [search] is broken ... not! (1997)
Summing fields (1997)
Formatting a .txt file (1998)
Why WebDNA is not popular (2002)
Referrer field to header field conversion (1997)
date pref (1999)
[ShowNext] (1997)
ODBC problems between webcatalog and filemaker pro (2001)
Webcat no longer supported? (2006)
[LOOKUP] (1997)
autosensing lanague selection (1997)
[SQL] & ODBC on Mac - Reposted (2000)
Re:2nd WebCatalog2 Feature Request (1996)
Summarising on two fields (1998)
showif and cart (1997)
RequiredFields template (1997)
[ListFiles] context & alias (1997)