Posted to users@spamassassin.apache.org by Chris <cp...@earthlink.net> on 2006/11/23 02:34:18 UTC

backscatter from a joejob is killing me

I've been receiving tons of supposed bounces from Peru saying I've sent 
messages to non-existent addresses using a cpollock@earthlink.com address. 
One such bounce is below:

Return-Path: <>
 Received: from pop.earthlink.net [209.86.93.201] 
        by localhost with POP3 (fetchmail-6.2.5) 
        for cpollock@localhost (single-drop); Wed, 22 Nov 2006 03:44:55 
-0600 (CST)
 Received: from barracuda.americatv.com.pe ([200.60.156.44]) 
        by mx-nebolish.atl.sa.earthlink.net (EarthLink SMTP Server) with 
ESMTP id 1gMOEB4tQ3Nl3490 
        for <cp...@earthlink.net>; Wed, 22 Nov 2006 04:44:29 -0500 (EST)
 MIME-Version: 1.0
 From: MAILER-DAEMON <>
 Message-Id: <00...@feeil>
 Subject: **Message you sent blocked by our bulk email filter**
 Content-Type: multipart/report; report-type=delivery-status; 
    charset=utf-8; 
    boundary="----------=_1164188668-21286-133"
 To: <cp...@earthlink.com>
 Date: Wed, 22 Nov 2006 04:44:28 -0500 (PET)
 X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=001;
 X-SenderIP: 200.60.156.44
 X-ASN: ASN-6147
 X-CIDR: 200.60.128.0/19
 
Your message to: jtola@americatv.com.pe
was blocked by our Spam Firewall. The email you sent with the following 
subject has NOT BEEN DELIVERED:

Subject: Manual de Comercio Exterior para empresarios Exportadores - 
Publicidad

Reporting-MTA: dns; barracuda.americatv.com.pe
 Received-From-MTA: smtp; barracuda.americatv.com.pe ([127.0.0.1])
 Arrival-Date: Wed, 22 Nov 2006 04:44:27 -0500 (PET)
 Content-Type: 
 X-UID: 80197
 
Final-Recipient: rfc822; jtola@americatv.com.pe
Action: failed
Status: 5.7.1
Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, UBE, 
id=21286-02-6
Last-Attempt-Date: Wed, 22 Nov 2006 04:44:28 -0500 (PET)

Received: from ROSITAS (unknown [201.240.82.234])
        by barracuda.americatv.com.pe (Spam Firewall) with SMTP id 53F60AC0B
        for <jt...@americatv.com.pe>; Wed, 22 Nov 2006 04:44:25 -0500 (PET)
Message-ID: <00...@feeil>
Reply-To: "=?windows-1251?B?RXhwb3J0YSBQZXJ1IElQSg==?=" 
<ex...@solucionperu.com>
From: "=?windows-1251?B?RXhwb3J0YSBQZXJ1IElQSg==?=" <cp...@earthlink.com>
Subject: 
=?windows-1251?B?TWFudWFsIGRlIENvbWVyY2lvIEV4dGVyaW9yIHBhcmEgZW1wcmVzYXJpb3MgRXhwb3J0YWRvcmVzIC0gUHVibGljaWRhZA==?=
Date: Wed, 22 Nov 2006 04:43:26 -0500
MIME-Version: 1.0
Content-Type: text/html;
        charset="windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1081
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081

I've gotten about 500 of these today and it's getting to be hell weeding 
through them to pull out my LARTs which are also bouncing. Any 
ideas/suggestions are wholeheartedly welcome.

Chris

-- 
Chris

Re: backscatter from a joejob is killing me

Posted by Bob Proulx <bo...@proulx.com>.
Mick Pollard wrote:
> On Wed, 2006-11-22 at 19:34 -0600, Chris wrote:
> > I've gotten about 500 of these today and it's getting to be hell weeding 
> > through them to pull out my LARTs which are also bouncing. Any 
> > ideas/suggestions are wholeheartedly welcome.
>
> This may be useful. I haven't had a proper look but it is on my ( long ) 
> todo list.
> http://www.postfix.org/BACKSCATTER_README.html

I am using the techniques described there and it really does help.

Bob

Re: backscatter from a joejob is killing me

Posted by Mick Pollard <li...@lunix.com.au>.
Ramprasad wrote:
>
> On Wed, 2006-11-22 at 19:34 -0600, Chris wrote:
>   
>> I've been receiving tons of supposed bounces from Peru saying I've sent 
>> messages to non-existent addresses using a cpollock@earthlink.com address. 
>> One such bounce is below:
>>
>> Return-Path: <>
>>  Received: from pop.earthlink.net [209.86.93.201] 
>>         by localhost with POP3 (fetchmail-6.2.5) 
>>         for cpollock@localhost (single-drop); Wed, 22 Nov 2006 03:44:55 
>> -0600 (CST)
>>  Received: from barracuda.americatv.com.pe ([200.60.156.44]) 
>>         by mx-nebolish.atl.sa.earthlink.net (EarthLink SMTP Server) with 
>> ESMTP id 1gMOEB4tQ3Nl3490 
>>         for <cp...@earthlink.net>; Wed, 22 Nov 2006 04:44:29 -0500 (EST)
>>  MIME-Version: 1.0
>>  From: MAILER-DAEMON <>
>>  Message-Id: <00...@feeil>
>>  Subject: **Message you sent blocked by our bulk email filter**
>>  Content-Type: multipart/report; report-type=delivery-status; 
>>     charset=utf-8; 
>>     boundary="----------=_1164188668-21286-133"
>>  To: <cp...@earthlink.com>
>>  Date: Wed, 22 Nov 2006 04:44:28 -0500 (PET)
>>  X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=001;
>>  X-SenderIP: 200.60.156.44
>>  X-ASN: ASN-6147
>>  X-CIDR: 200.60.128.0/19
>>  
>> Your message to: jtola@americatv.com.pe
>> was blocked by our Spam Firewall. The email you sent with the following 
>> subject has NOT BEEN DELIVERED:
>>
>> Subject: Manual de Comercio Exterior para empresarios Exportadores - 
>> Publicidad
>>
>> Reporting-MTA: dns; barracuda.americatv.com.pe
>>  Received-From-MTA: smtp; barracuda.americatv.com.pe ([127.0.0.1])
>>  Arrival-Date: Wed, 22 Nov 2006 04:44:27 -0500 (PET)
>>  Content-Type: 
>>  X-UID: 80197
>>  
>> Final-Recipient: rfc822; jtola@americatv.com.pe
>> Action: failed
>> Status: 5.7.1
>> Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, UBE, 
>> id=21286-02-6
>> Last-Attempt-Date: Wed, 22 Nov 2006 04:44:28 -0500 (PET)
>>
>> Received: from ROSITAS (unknown [201.240.82.234])
>>         by barracuda.americatv.com.pe (Spam Firewall) with SMTP id 53F60AC0B
>>         for <jt...@americatv.com.pe>; Wed, 22 Nov 2006 04:44:25 -0500 (PET)
>> Message-ID: <00...@feeil>
>> Reply-To: "=?windows-1251?B?RXhwb3J0YSBQZXJ1IElQSg==?=" 
>> <ex...@solucionperu.com>
>> From: "=?windows-1251?B?RXhwb3J0YSBQZXJ1IElQSg==?=" <cp...@earthlink.com>
>> Subject: 
>> =?windows-1251?B?TWFudWFsIGRlIENvbWVyY2lvIEV4dGVyaW9yIHBhcmEgZW1wcmVzYXJpb3MgRXhwb3J0YWRvcmVzIC0gUHVibGljaWRhZA==?=
>> Date: Wed, 22 Nov 2006 04:43:26 -0500
>> MIME-Version: 1.0
>> Content-Type: text/html;
>>         charset="windows-1251"
>> Content-Transfer-Encoding: 7bit
>> X-Priority: 3
>> X-MSMail-Priority: Normal
>> X-Mailer: Microsoft Outlook Express 6.00.2800.1081
>> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081
>>
>> I've gotten about 500 of these today and it's getting to be hell weeding 
>> through them to pull out my LARTs which are also bouncing. Any 
>> ideas/suggestions are wholeheartedly welcome.
>>     
>
>
> From the stats on my server, earthlink.net is a top forged domain.
>
> So many of my users simply want earthlink.net blacklisted, but I can't
> do that. They could use SPF, but apparently that didn't work for them.
>
> Unfortunately, such bounces are creating problems for my servers too,
> which send these NDRs to innocent email IDs from earthlink.
>
> I had been reading about BATV, but didn't quite get time to really go
> through the docs.
>
> http://en.wikipedia.org/wiki/Bounce_Address_Tag_Validation
>
> Anyone using BATV already?
>
>
>   
Hi all,

This may be useful. I haven't had a proper look but it is on my ( long ) 
todo list.
http://www.postfix.org/BACKSCATTER_README.html





Regards
Mick Pollard
__lunix__

Re: backscatter from a joejob is killing me

Posted by Ramprasad <ra...@netcore.co.in>.


On Wed, 2006-11-22 at 19:34 -0600, Chris wrote:
> I've been receiving tons of supposed bounces from Peru saying I've sent 
> messages to non-existent addresses using a cpollock@earthlink.com address. 
> One such bounce is below:
> 
> Return-Path: <>
>  Received: from pop.earthlink.net [209.86.93.201] 
>         by localhost with POP3 (fetchmail-6.2.5) 
>         for cpollock@localhost (single-drop); Wed, 22 Nov 2006 03:44:55 
> -0600 (CST)
>  Received: from barracuda.americatv.com.pe ([200.60.156.44]) 
>         by mx-nebolish.atl.sa.earthlink.net (EarthLink SMTP Server) with 
> ESMTP id 1gMOEB4tQ3Nl3490 
>         for <cp...@earthlink.net>; Wed, 22 Nov 2006 04:44:29 -0500 (EST)
>  MIME-Version: 1.0
>  From: MAILER-DAEMON <>
>  Message-Id: <00...@feeil>
>  Subject: **Message you sent blocked by our bulk email filter**
>  Content-Type: multipart/report; report-type=delivery-status; 
>     charset=utf-8; 
>     boundary="----------=_1164188668-21286-133"
>  To: <cp...@earthlink.com>
>  Date: Wed, 22 Nov 2006 04:44:28 -0500 (PET)
>  X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=001;
>  X-SenderIP: 200.60.156.44
>  X-ASN: ASN-6147
>  X-CIDR: 200.60.128.0/19
>  
> Your message to: jtola@americatv.com.pe
> was blocked by our Spam Firewall. The email you sent with the following 
> subject has NOT BEEN DELIVERED:
> 
> Subject: Manual de Comercio Exterior para empresarios Exportadores - 
> Publicidad
> 
> Reporting-MTA: dns; barracuda.americatv.com.pe
>  Received-From-MTA: smtp; barracuda.americatv.com.pe ([127.0.0.1])
>  Arrival-Date: Wed, 22 Nov 2006 04:44:27 -0500 (PET)
>  Content-Type: 
>  X-UID: 80197
>  
> Final-Recipient: rfc822; jtola@americatv.com.pe
> Action: failed
> Status: 5.7.1
> Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, UBE, 
> id=21286-02-6
> Last-Attempt-Date: Wed, 22 Nov 2006 04:44:28 -0500 (PET)
> 
> Received: from ROSITAS (unknown [201.240.82.234])
>         by barracuda.americatv.com.pe (Spam Firewall) with SMTP id 53F60AC0B
>         for <jt...@americatv.com.pe>; Wed, 22 Nov 2006 04:44:25 -0500 (PET)
> Message-ID: <00...@feeil>
> Reply-To: "=?windows-1251?B?RXhwb3J0YSBQZXJ1IElQSg==?=" 
> <ex...@solucionperu.com>
> From: "=?windows-1251?B?RXhwb3J0YSBQZXJ1IElQSg==?=" <cp...@earthlink.com>
> Subject: 
> =?windows-1251?B?TWFudWFsIGRlIENvbWVyY2lvIEV4dGVyaW9yIHBhcmEgZW1wcmVzYXJpb3MgRXhwb3J0YWRvcmVzIC0gUHVibGljaWRhZA==?=
> Date: Wed, 22 Nov 2006 04:43:26 -0500
> MIME-Version: 1.0
> Content-Type: text/html;
>         charset="windows-1251"
> Content-Transfer-Encoding: 7bit
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2800.1081
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081
> 
> I've gotten about 500 of these today and it's getting to be hell weeding 
> through them to pull out my LARTs which are also bouncing. Any 
> ideas/suggestions are wholeheartedly welcome.


From the stats on my server, earthlink.net is a top forged domain.

So many of my users simply want earthlink.net blacklisted, but I can't
do that. They could use SPF, but apparently that didn't work for them.

Unfortunately, such bounces are creating problems for my servers too,
which send these NDRs to innocent email IDs from earthlink.

I had been reading about BATV, but didn't quite get time to really go
through the docs.

http://en.wikipedia.org/wiki/Bounce_Address_Tag_Validation

Anyone using BATV already?
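
An added example, not part of the thread or of any poster's setup: a mailbox-side triage that separates bounces of mail you really sent from joe-job backscatter like the DSN quoted above, by inspecting the original headers the bounce carries back. The addresses, the Message-ID host and the sample bounces are constructed placeholders, and it assumes your own outgoing mail carries a Message-ID with a host part you can recognise.

```python
import email
from email.utils import parseaddr

# Assumptions (placeholders, not values from the thread):
MY_ADDRESSES = {"user@example.net"}      # addresses you really send from
MY_MSGID_HOSTS = {"mail.example.net"}    # host part of Message-IDs on your own mail

def returned_headers(dsn):
    """Headers of the original message a DSN carries back, or None if it has none."""
    for part in dsn.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822" and part.is_multipart():
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())
    return None

def classify(raw):
    """Sort one message into 'genuine', 'backscatter', 'unverifiable' or 'not-a-dsn'."""
    msg = email.message_from_string(raw)
    if msg.get_content_type() != "multipart/report":
        return "not-a-dsn"
    orig = returned_headers(msg)
    if orig is None:
        return "unverifiable"            # nothing to compare against; review by hand
    sender = parseaddr(orig.get("From", ""))[1].lower()
    msgid = orig.get("Message-ID", "").strip().strip("<>")
    msgid_host = msgid.rpartition("@")[2].lower()
    # A forger can copy your From address, so the Message-ID host must match too.
    if sender in MY_ADDRESSES and msgid_host in MY_MSGID_HOSTS:
        return "genuine"
    return "backscatter"

def make_dsn(orig_headers):
    """Constructed sample DSN wrapping the given original headers."""
    return (
        "From: MAILER-DAEMON@mx.example.org\nTo: user@example.net\n"
        "Subject: Undelivered mail\nMIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nYour message was blocked.\n"
        "--b1\nContent-Type: message/delivery-status\n\n"
        "Reporting-MTA: dns; mx.example.org\n\n"
        "Final-Recipient: rfc822; someone@example.org\nAction: failed\nStatus: 5.7.1\n"
        "--b1\nContent-Type: text/rfc822-headers\n\n" + orig_headers + "--b1--\n"
    )

# Constructed samples: a look-alike sender domain, and a real sent message.
FORGED = make_dsn('From: "Exporta" <user@example.com>\nMessage-ID: <000a01@unknown-host>\n')
GENUINE = make_dsn("From: user@example.net\nMessage-ID: <20061122.1@mail.example.net>\n")

if __name__ == "__main__":
    for name, raw in (("forged", FORGED), ("genuine", GENUINE)):
        print(name, "->", classify(raw))
```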