Hello:
After using the feature IP BLACK LIST under MagicSpam Exception Lists, we have noticed a major increase of emails coming from a couple of specific IPs listed on the Black List.
Either they're trying to overload the SMTP service just because they are being rejected, or they simply are trying to find out what email addresses really exist (confirming they exist when MagicSpam rejects the message), while if an address doesn't exist, it's the MailServer that sends a response saying MAILBOX NOT FOUND.
Could any of these 2 options below be added in order to avoid this kind of behavior?
. Silent Rejection. Could be that they get no response at all from the server (I understand MagicSpam doesn't send any email when it blocks an email/IP. The rejection message is generated by the Postmaster's sender MailServer). If no response is given, the Postmaster of the sender's MailServer will generate a message saying "Sorry I give up, message could not be delivered. Remote server is not responding".
. Or as a second option, simply do a cache rejection. Meaning that if an IP is black listed, and it sends messages to the same address several times a day, they would get the same reply but the SMTP didn't have to stress if it's already happened once with the same blocked IP and the same receptor.
I guess this way, known spam sources would stop (or at least reduce) this kind of "attack" if we can call it like that.
I would appreciate an answer on this matter.
Thank you in advance.
Silent Spam Rejection (or at least cache rejection)
Re: Silent Spam Rejection (or at least cache rejection)
Hello Isaak,
Thank you for the suggestions.
It has been our experience that modifying the message(s) in question does not truly change the style or frequency of targeted attacks. In the world of SMTP, it is normally the 'codes' that define the reason (point of fact - many spam attacks we've monitored ignore all RFC compliance and just spew raw data...). To elaborate, as listed from RFC821:
550 Requested action not taken: mailbox unavailable
551 User not local; please try <forward-path>
552 Requested mail action aborted: exceeded storage allocation
553 Requested action not taken: mailbox name not allowed
554 Transaction failed
You have probably already noted that MagicSpam rejects with a 550 code - which falls in line with what you were thinking.
This said, we have planned a release for the 2nd quarter of the year to include some new improvements: one of them being a 'rate limiter' system which can/should assist for the case scenario you have described. This technology has been included in our full mail server solution product for some time now and definitely has been proven to reduce the targeted attacks a server may experience.
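The "cache rejection" and "rate limiter" ideas discussed in this thread can be sketched as below; this is an added example, not MagicSpam's implementation or code from either poster. The class name `BlacklistGate`, its thresholds, the use of a 421 reply for throttling, and the sample addresses are all assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

REJECT = "550 Requested action not taken: mailbox unavailable"
THROTTLE = "421 Service not available, closing transmission channel"

class BlacklistGate:
    """Hypothetical check run before any mailbox lookup, so a blacklisted IP
    gets the same reply whether or not the recipient exists."""

    def __init__(self, blacklist, max_hits=3, window=60.0, cache_ttl=86400.0):
        self.blacklist = set(blacklist)
        self.max_hits, self.window, self.cache_ttl = max_hits, window, cache_ttl
        # Bounded per-IP history: only the last max_hits + 1 attempts matter.
        self.hits = defaultdict(lambda: deque(maxlen=max_hits + 1))
        self.cache = {}      # (ip, rcpt) -> time until which the reject is cached
        self.lookups = 0     # counts full (uncached) policy evaluations

    def check(self, ip, rcpt, now=None):
        now = time.monotonic() if now is None else now
        if ip not in self.blacklist:
            return None      # not blacklisted: continue normal processing
        recent = self.hits[ip]
        while recent and now - recent[0] > self.window:
            recent.popleft()             # forget attempts outside the window
        recent.append(now)
        if len(recent) > self.max_hits:
            return THROTTLE              # rate limit: stop serving this IP for now
        key = (ip, rcpt.lower())
        if self.cache.get(key, 0) > now:
            return REJECT                # cache hit: no further work for this pair
        self.lookups += 1                # stands in for the full policy evaluation
        self.cache[key] = now + self.cache_ttl
        return REJECT

if __name__ == "__main__":
    # Constructed sample traffic (documentation IP ranges, example.com addresses).
    gate = BlacklistGate({"203.0.113.7"})
    for t, rcpt in enumerate(["user@example.com", "user@example.com",
                              "nosuch@example.com", "user@example.com"]):
        print(t, rcpt, "->", gate.check("203.0.113.7", rcpt, now=float(t)))
    print("full evaluations:", gate.lookups)
```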
Re: Silent Spam Rejection (or at least cache rejection)
Thank you very much for your answer.
I will be waiting, then, for the new improvements for the 2nd quarter of this year.
Kind Regards,