[Snort-users] STUPID QUESTION

Matt Kettler mkettler at ...4108...
Mon Sep 20 07:36:07 EDT 2004


At 11:05 PM 9/18/2004, Andy wrote:
>Am I sending to the correct email address snort-users at lists.sourceforge.net
>?
>
>As a response, I keep getting the email below, but my posts go through.
>WTF?
>
>Please tell me if I'm a dork.....

I can't tell you if you're a dork or not, but I can tell you this 
particular issue isn't your problem.

You are sending to the correct address. The bounce message you're getting 
is some imbecile with a misconfigured mailserver that bounces mail to the 
From: address instead of using the envelope Return-Path:.

You'd think on a security list people would at least know how to configure 
a mailserver to safely and properly handle message failure. Guess not, as 
there's a lot of misconfigured mailservers on this list...

I generally take the step of 550'ing the whole server and the offending 
address for a couple weeks as a defensive measure.

From my /etc/mail/access:
         200.249.204.129                 550     mail systems with broken bounces are not welcome here
         postmaster at ...12448...       550     mail systems with broken bounces are not welcome here

It's a bit extreme, but if they are sufficiently misconfigured to bounce 
mail to the From header address, they are likely to be able to produce mail 
loops as well, and I don't want to be a part of it.

(Note: I could firewall the server, but by using MTA layer 550's at least 
they know why I'm blocking them)





