BOFH

F

rom time to time, I happen to post on mailing lists with lots of suscribers like SecurityFocus ones. Every time, you have to cope with all thoses vacation messages, bounces, errors and so on. But three days later, they're all gone and that's it. But this time...

So I went posting on that Penetration Testing mailing list. And since, I keep receiving bounces for three messages from paran.com domain.

To: xxxxxxx@hitel.net, 402 Local User
   Inbox Full (xxxxxxx@hitel.net) 4,20971,38310

I'm not particularly angry at that guy who, like so many others, must have subscribed dozains of heavy traffic mailing lists and quickly reached his quota. No. I'm really angry at the MTA administrator. Look at the error report. Error code: 402... Codes beginning with 4 means transient errors, which does not include errors related to user mailbox management that should be treated with permanent error code, begining with 5. That's why RFC821 defines error 552 for exceeded storage allocation for quota related stuff. And by the way, using 0 as second digit means syntax error. I really don't see how a syntax error could be transient. Hummm guy, your command syntax is wrong, but keep trying until RFC is updated ? Come on... So, with their 402, they just tell the MTA just above to keep trying again and again to deliver such messages on a full mailbox, resulting in tons of bounces and useless queue allocation. Great...

So, for 4 days, I keep receiving around 100 hundred bounces (triggered by only three messages) a day from theses bummers, just because someone felt great at breaking his MTA configuration setting an exotic error code in some kind of artistic inspiration[1]. And I forgot to mention that postmaster bounces, and I got no answer from any address returned by whois or mentionned on their website. Thanks a lot guys, you're giving me another reason to love Sieve.

Notes

[1] Broken MTA software could be involved as well, but honestly, I've never seen something like that before