Re: How I spent my Christmas vacation - Email found in subject

  • From: "Ball, Dan" <DBall@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 4 Jan 2006 10:50:34 -0500

So, we're stuck on a debate that has been going on for many years now.
Do you disable NDRs to reduce backscatter or leave them on to comply
with older systems?  Do you filter by valid recipient to reduce
backscatter and increase your risk of a harvesting attack, or do you
enable all incoming and increase the chance of an NDR flood attack?

 

If you really-really want to follow Microsoft's guidelines, re-read the
article you just quoted.  Microsoft "recommends" that you set it up the
same way I have my system set up. 

 

But, like you said, this discussion has digressed into something a bit
off-topic, no need to keep kicking it up.  This debate has been argued
for many years now, and I see no end in sight.

 

________________________________

From: Danny [mailto:nocmonkey@xxxxxxxxx] 
Sent: Wednesday, January 04, 2006 12:20 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: How I spent my Christmas vacation - Email found
in subject

 

http://www.ISAserver.org 

On 1/3/06, Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote:
> Hi Danny,
> 
> Time for some Windows Network education for you. CIL...

Time for some RFC education from our friends at Microsoft... 

http://support.microsoft.com/kb/842851

[...]

"As previously discussed, suppressing NDRs is not an RFC-compliant
practice. Therefore, suppressing NDRs cannot be generally recommended.
Suppressing NDRs also inconveniences the ordinary user who makes a
typographical error in the recipient address when he or she sends an
e-mail message. The typical expectation of e-mail senders is that unless
an NDR is returned, the e-mail message has reached its destination. 

If the recipient filtering feature is enabled, you may be more at risk
from a harvest attack. However, you are also less susceptible to being
used as the vector for an NDR flood attack. An NDR flood attack is where
a sender deliberately spoofs the return address for a valid domain and
then sends invalid e-mail messages to you purporting to be from that
domain. Your server then dutifully floods the victim domain with
multiple NDR reports." 

[...]

Ahh, the big bad directory harvest attack, well it is moot if your mail
server accepts email sent to any recipients within your domain
regardless of whether or not they exist.

Anyway, I am off to bed and we are way off topic - sorry for the noise
folks.  Thanks for today's lesson, Dr. Tom. 
Remember kids, Uncle Danny says to shoot for RFC compliance and best
practices.

 

...D
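The trade-off described in the quoted KB text, modelled as an added example (not code from the thread or from Microsoft): the same two SMTP sessions are run through an accept-all policy and a recipient-filtering policy, counting the NDRs each would send and flagging clients that collect many 550 replies. The directory, addresses, client IPs and threshold are constructed assumptions.

```python
from collections import Counter

# Constructed sample data: directory, sessions, and threshold are assumptions.
VALID = {"alice@example.org", "bob@example.org"}
HARVEST_THRESHOLD = 3  # 550 replies per client IP before it is flagged
SESSIONS = [
    # Ordinary sender with a typo in one recipient address.
    {"client_ip": "192.0.2.10", "mail_from": "carol@partner.example",
     "rcpts": ["alice@example.org", "bbo@example.org"]},
    # Forged envelope sender, guessed recipients.
    {"client_ip": "198.51.100.7", "mail_from": "ceo@victim.example",
     "rcpts": ["aaa@example.org", "aab@example.org", "aac@example.org",
               "bob@example.org"]},
]

def accept_all(session):
    """No recipient filtering: every RCPT TO gets 250 and unknown users
    bounce later. Each NDR goes to the envelope sender, forged or not."""
    replies = [(r, 250) for r in session["rcpts"]]
    ndrs = [session["mail_from"] for r in session["rcpts"] if r not in VALID]
    return replies, ndrs

def recipient_filter(session):
    """Recipient filtering: unknown users get 550 during the SMTP session,
    so this server sends no NDR, but 250 vs 550 reveals who exists."""
    replies = [(r, 250 if r in VALID else 550) for r in session["rcpts"]]
    return replies, []

def backscatter_by_domain(sessions, policy):
    """Count NDRs this server would send, grouped by destination domain."""
    out = Counter()
    for s in sessions:
        for addr in policy(s)[1]:
            out[addr.rsplit("@", 1)[1]] += 1
    return dict(out)

def flag_harvesters(sessions, policy=recipient_filter):
    """Client IPs whose 550 count reaches the threshold (harvest signal)."""
    rejects = Counter()
    for s in sessions:
        rejects[s["client_ip"]] += sum(c == 550 for _, c in policy(s)[0])
    return sorted(ip for ip, n in rejects.items() if n >= HARVEST_THRESHOLD)

if __name__ == "__main__":
    print("accept-all NDRs:", backscatter_by_domain(SESSIONS, accept_all))
    print("filtered NDRs:  ", backscatter_by_domain(SESSIONS, recipient_filter))
    print("flagged clients:", flag_harvesters(SESSIONS))
```

Under recipient filtering the sender with the typo still learns of the failure, because the 550 is returned to the sending server during the session rather than as a later NDR from this one.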

 
