[Full-Disclosure] Block notification / bounce mails (as in DDOS)
Koen
koen4security at hotmail.com
Thu Apr 1 20:46:26 BST 2004
Tomasz Konefal wrote:
> first off, the From: header would not normally be the one emails get
> bounced to. rather, it would be the "MAIL FROM" envelope header. in
> any case, my 'solution' would be to temporarily drop all mail destined
> to this deluged account to /dev/null and set up a new account for the
> busted user. you could alternatively set up a "user relocated" reply on
> the server or just kill the account altogether and send responses of "no
> such local user". you get the general idea. not a great solution, but
> only one person's email is crapped out instead of everyone's. when the
> DDoS looks like it's petering away you can set up an alias from the old
> to the new account to reenable legitimate mails to get to the user.
Hi,
A "user relocated" reply would only increase the problem. The problem isn't
limited to one mailbox or user-account but rather to "all" mailboxes.
Thanks anyway
Full-Disclosure is hosted and sponsored by Secunia.