Vernon Schryver wrote:
are double bounces from a system that is an MX secondary. The
bounces are for spam that was accepted by the secondary, refused
by the primary, and cannot be returned to the spammer. Even the
most non-network oriented single-ended filter would benefit from
protocols that coordinate MX secondaries.
...
You can make secondary mail server know valid addresses in the domain
In the real world, that is wrong. Only when the MX secondaries are
either unneeded or practically the same computer as the MX primary
can you hope to have a common list of valid addresses. The rest of
the time, there are compelling practical and policy reasons that keep
MX secondaries from having a common and complete list of valid addresses.
*Good* policies are not the same everywhere. I have seen a few
implementation of "shared" domain with every of the servers capable to
act as primary or secondary MX for the domain.
BTW there is no need to keep "complete list of valid addresses" - MD5
checksums would be sufficient and easy enough to implement.
Moreover, this is entirely irrelevant to problem mentioned.
It was about primary bouncing messages accepted by secondary. If
secondary accepts messages to non existing addresses then bounces
handling create problems approaching DoS when receiving mass "dictionary
recipients" spam. Before "dictionary recipients" spam it had not been
that critical.
So, it is not *entirely* irrelevant but I adresses different cause of
"spam bounces" that you wrote about.
[...]
--
Andrzej [pl>en: Andrew] Adam Filip http://www.polbox.com/a/anfi/
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg