Page last updated:
2006 Jun 20 07:47

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Why change default ssh port?



Quoting Bill Kendrick (nbs@sonic.net):

[Backscatter spam and "antivirus warnings" as secondary results from
Microsoft malware:]

> I have a whole stack of .procmail rules to chuck mail daemon bounces
> regarding this crap to /dev/null.
> 
> (e.g., something found my address, and someone else's address on the 'net.
> It began sending viruses/spam to that other person, using my address as
> a forged 'To'.  When the mail bounces due to the address being gone,
> the mailbox being over quota, or the user blocking mail from me, _I_
> get them.  Total PITA.)

Not that it's much help for users having to suffer such garbage, but
this is one of the sins I try hard to avoid committing as a SMTP daemon 
(MTA = Mail Transfer Agent) operator:  I issue reject messages (DSNs) 
only during the ongoing SMTP delivery attempt, and thus state my
system's non-acceptance directly to the IP address trying to drop off
the mail.  By contrast, the old-school method was to accept the mail,
only then evaluate its acceptability, and send back a reject e-mail 
(a "bounce message" encapsulating the 55x DSN) to the claimed, apparent
sender.  Which of course means you're generating backscatter spam when
the sender was forged, and makes you part of the problem.  I try not to
be part of the problem.  ;->

A vocal minority (such as the aforementioned Jeff Waugh) allege that
_even_ issuing 55x DSNs is being part of the problem, since the
delivering MTA might choose to do something harmful with the error
message, like send it to a forged sender address, and that such misdeeds
are then somehow my fault.  (A brief debate on this point occurred in
the linux-elitists thread Pete referred to.)

Additionally, my domain publishes SPF records in its DNS, which provides
a means for receiving MTAs to detect and reject forgeries of my domain.
(My SPF reference record identifies which IPs are allowed to send mail 
for my domain.  Any receiving MTA can vet arriving mail against that
information, and reject forged mail from other, unauthorised IPs.)

_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


