Table of Contents
Advertisement
When the Domino SMTP task operates in this mode, undeliverable mail is always
held in the mail.box file. This setting prevents spammers from gleaning valid
addresses, by process of elimination, from all the returned non-delivery reports.
However, the undelivered messages can still accumulate in the mail.box file.
Note: In both types of attacks (Harvesting or DoS) it is likely that the attack will
create a substantial load on your mail server with errant spam mail messages
(in either HELD or DEAD state), so you should monitor your mail.box closely.
We recommend building a new view in mail.box that isolates mail with the
following select formula:
and a column that displays the field "IntendedRecipient." If this new view
contains more than a few messages where the IntendedRecipient is an invalid
address in your domain, then you may have been (or may still be!) the target
of an e-mail harvesting attack.
By studying the content of these messages you can adjust your Inbound
Connection controls to defend against such attacks. Look carefully at the
Received fields in the problem messages. If the messages appear to come from
the same IP address or range of IP addresses, you may want to deny
connections from those particular IP address. However, you should be aware that
spammers often roam the internet looking for open relay servers from which to
send their spam, so the IP connections that you observe in the messages may
not show a pattern. Also, even though you may use a DSN Blacklist service, the
lists can lag behind as new open relays open up all the time.
Even with these anti-spam measures in place, it is always a good idea to monitor
your mail.box for dead and held messages. Typically these messages are just
spam junk and can be deleted, but occasionally you may see a true addressing
error: a slight misspelling of a true recipient in your mail system, for example.
We think the best combination is to use the "Hold undeliverable mail" setting
combined with active monitoring of mail.box for repeat offending IP addresses.
When you use "Hold undeliverable mail," Domino always accepts mail, preventing
all types of active harvesting. Active monitoring of mail.box is required to prevent
the negative impact of spam mail bombing and the accumulation of large
amounts of bogus undeliverable spam mail.
64
Lotus Domino 6 spam Survival Guide for IBM eServer
Advertisement
Table of Contents
