Posted to users@spamassassin.apache.org by Chris Arnold <ca...@electrichendrix.com> on 2008/10/29 23:44:09 UTC

Getting hammered by backscatter

We use zimbra OSS on SLES10 SP1. Zimbra has spamassassin built-in. At  
the present time, my mailbox is filled with backscatter; getting  
around 10 a minute since 4:30 today. I have postfix backscatter rules  
in postfix of zimbra, http://www.postfix.org/BACKSCATTER_README.html#real
but still getting pounded. Here is the header from one such mail:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  marykiev@tm.odessa.ua
    SMTP error from remote mail server after RCPT TO:<marykiev@tm.odessa.ua>:
    host relay1.tm.odessa.ua [195.66.204.50]: 511 sorry, no mailbox here by that name (#5.1.1 - chkuser)

------ This is a copy of the message, including all the headers. ------

Return-path: <em...@moderated.com>
Received: from chello089074205165.chello.pl ([89.74.205.165])
	by wifi-router.tm.odessa.ua with esmtp (Exim 4.69 (FreeBSD))
	(envelope-from <em...@moderated.com>)
	id 1KvJP6-000Eho-L0
	for marykiev@tm.odessa.ua; Thu, 30 Oct 2008 00:20:42 +0200
Message-ID: <00...@weuwrbe>
From: =?koi8-r?B?4c3X0s/Tycog4czT2c7Cwco=?= <em...@moderated.com>
To: <ma...@tm.odessa.ua>
Subject: =?koi8-r?B?5dfSz9DFytPLwdEgzsXExczRIMvB3sXT1NfB?=
Date: Wed, 29 Oct 2008 20:30:54 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0004_01C93A14.03BA381D"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2720.3000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300

This is a multi-part message in MIME format.

------=_NextPart_000_0004_01C93A14.03BA381D
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: quoted-printable

Can someone please help me stop this? A while back, there was a thread  
that pointed to a website, backscatter.org or something like that,  
that we used that since the upgrade did a wonderful job. Anyone  
remember that web site?


Re: Getting hammered by backscatter

Posted by Matthew Newton <mc...@leicester.ac.uk>.
Hi,

On Wed, 29 Oct 2008, Chris Arnold wrote:
> We use zimbra OSS on SLES10 SP1. Zimbra has spamassassin built-in. At the 
> present time, my mailbox is filled with backscatter; getting around 10 a 
> minute since 4:30 today. I have postfix backscatter rules in postfix of 
> zimbra, http://www.postfix.org/BACKSCATTER_README.html#real but still getting 
> pounded. Here is the header from one such mail:

I don't know how easy it is in Postfix (I use exim, and it's
fairly trivial in that), but one effective solution for this is
BATV.

  http://mipassoc.org/batv/

Cheers

Matthew


-- 
Matthew Newton, Ph.D. <mc...@le.ac.uk>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <it...@le.ac.uk>
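
Added example (not part of Matthew's message, nor code from the BATV project): how a prvs= tagged envelope sender lets a server refuse bounces for mail it never sent. The tag layout (key digit, 3-digit expiry day, 6 hex digits of HMAC-SHA1) is modeled on the prvs scheme in the BATV draft; the key, the 7-day lifetime, the addresses and all function names are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed demo key ring (key digit -> secret); a real secret stays private.
KEYS = {0: b"constructed-demo-secret"}
LIFETIME_DAYS = 7           # assumed validity window for a signed address
NULL_SENDERS = ("", "<>")   # envelope sender carried by bounces (DSNs)

_PRVS = re.compile(r"^prvs=(\d)(\d{3})([0-9a-fA-F]{6})=(.+@.+)$")


def _today(now):
    """Day number since the Unix epoch for a timestamp in seconds."""
    return int(now // 86400)


def _mac(key_no, ddd, address):
    """First 3 bytes (6 hex digits) of HMAC-SHA1 over K, DDD and the address."""
    msg = f"{key_no}{ddd:03d}{address.lower()}".encode()
    return hmac.new(KEYS[key_no], msg, hashlib.sha1).hexdigest()[:6]


def sign(address, now, key_no=0):
    """Outgoing mail: rewrite the envelope sender as prvs=KDDDSSSSSS=address."""
    ddd = (_today(now) + LIFETIME_DAYS) % 1000
    return f"prvs={key_no}{ddd:03d}{_mac(key_no, ddd, address)}={address}"


def verify(rcpt, now):
    """Check a bounce recipient; return (True, original address) or (False, reason)."""
    m = _PRVS.match(rcpt)
    if not m:
        return False, "untagged"
    key_no, ddd, sig, address = int(m[1]), int(m[2]), m[3].lower(), m[4]
    if key_no not in KEYS:
        return False, "unknown key"
    if not hmac.compare_digest(sig, _mac(key_no, ddd, address)):
        return False, "bad signature"
    # DDD is the expiry day modulo 1000, so compare modulo 1000 as well.
    if (ddd - _today(now)) % 1000 > LIFETIME_DAYS:
        return False, "expired"
    return True, address


def rcpt_decision(mail_from, rcpt, now):
    """SMTP-time policy: only null-sender mail must carry a valid tag."""
    if mail_from not in NULL_SENDERS:
        return "accept"                      # ordinary mail is not affected
    ok, detail = verify(rcpt, now)
    return "accept" if ok else f"reject ({detail})"


if __name__ == "__main__":
    now = 1225324800                         # 2008-10-30 00:00:00 UTC
    tagged = sign("chris@example.com", now)  # constructed address
    print(tagged)
    # A bounce for mail we really sent comes back to the tagged address.
    print(rcpt_decision("<>", tagged, now))
    # Backscatter from a forged sender is addressed to the plain address.
    print(rcpt_decision("<>", "chris@example.com", now))
```

Spammers forging the plain address cannot produce a valid tag, so the resulting bounces can be refused at RCPT time instead of landing in the mailbox.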

Re: Getting hammered by backscatter

Posted by Martin Gregorie <ma...@gregorie.org>.
On Thu, 2008-10-30 at 10:28 -0600, Karl Pearson wrote:
> On Wed, 29 Oct 2008, Chris Arnold wrote:
> 
> > We use zimbra OSS on SLES10 SP1. Zimbra has spamassassin built-in. At the 
> > present time, my mailbox is filled with backscatter; getting around 10 a 
> > minute since 4:30 today. I have postfix backscatter rules in postfix of 
> > zimbra, http://www.postfix.org/BACKSCATTER_README.html#real but still getting 
> > pounded. Here is the header from one such mail:
> >
Have you set up SPF records for your domain?

SPF records let the sites bouncing the spam discover that the sender has
been forged by the spammer. SPF can't eliminate all backscatter, but
should at least reduce the size of the barrage.

http://www.openspf.org/ describes SPF and has a tool for creating an SPF
record.

http://www.kitterman.com/spf/validate.html provides additional tools for
testing SPF records.


Martin



Re: Getting hammered by backscatter

Posted by Karl Pearson <ka...@ourldsfamily.com>.
On Wed, 29 Oct 2008, Chris Arnold wrote:

> We use zimbra OSS on SLES10 SP1. Zimbra has spamassassin built-in. At the 
> present time, my mailbox is filled with backscatter; getting around 10 a 
> minute since 4:30 today. I have postfix backscatter rules in postfix of 
> zimbra, http://www.postfix.org/BACKSCATTER_README.html#real but still getting 
> pounded. Here is the header from one such mail:
>
> This message was created automatically by mail delivery software.
>
> A message that you sent could not be delivered to one or more of its
> recipients. This is a permanent error. The following address(es) failed:
>
> marykiev@tm.odessa.ua
>  SMTP error from remote mail server after RCPT TO:<ma...@tm.odessa.ua>:
>  host relay1.tm.odessa.ua [195.66.204.50]: 511 sorry, no mailbox here by 
> that name (#5.1.1 - chkuser)

Your domain was used as the spoofed 'from' address, so it's technically 
not backscatter, but rather bounced email sent to an invalid address. 
Since you are the spoofed 'from' address, you are the lucky recipient of 
all their bad email addresses. In other words, the spammer got sold a bad 
list of email addresses. Too bad for them, worse for you. You could use an 
iptables rule (if you are *nix) that would block that domain for a time:

iptables -I INPUT -s 89.74.205.165 -j DROP

but with all the different domains the bounces are probably coming from, 
that might be much too tedious to get all of them, unless they targeted 
just chello.pl accounts...


>
> ------ This is a copy of the message, including all the headers. ------
>
> Return-path: <em...@moderated.com>
> Received: from chello089074205165.chello.pl ([89.74.205.165])
> 	by wifi-router.tm.odessa.ua with esmtp (Exim 4.69 (FreeBSD))
> 	(envelope-from <em...@moderated.com>)
> 	id 1KvJP6-000Eho-L0
> 	for marykiev@tm.odessa.ua; Thu, 30 Oct 2008 00:20:42 +0200
> Message-ID: <00...@weuwrbe>
> From: =?koi8-r?B?4c3X0s/Tycog4czT2c7Cwco=?= <em...@moderated.com>
> To: <ma...@tm.odessa.ua>
> Subject: =?koi8-r?B?5dfSz9DFytPLwdEgzsXExczRIMvB3sXT1NfB?=
> Date: Wed, 29 Oct 2008 20:30:54 +0000
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> 	boundary="----=_NextPart_000_0004_01C93A14.03BA381D"
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2720.3000
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300
>
> This is a multi-part message in MIME format.
>
> ------=_NextPart_000_0004_01C93A14.03BA381D
> Content-Type: text/plain;
> 	charset="koi8-r"
> Content-Transfer-Encoding: quoted-printable
>
> Can someone please help me stop this? A while back, there was a thread that 
> pointed to a website, backscatter.org or something like that, that we used 
> that since the upgrade did a wonderful job. Anyone remember that web site?
>

---
       _/  _/      _/      _/_/_/       ____________   __o
      _/ _/       _/      _/    _/     ____________  _-\\<._
     _/_/        _/      _/_/_/                     (_)/ (_)
    _/ _/       _/      _/           ......................
   _/   _/ arl _/_/_/  _/ earson    KarlP@ourldsfamily.com
---
http://consulting.ourldsfamily.com
---
"Our Constitution was made only for a moral and religious people.
  It is wholly inadequate to the government of any other."
  --John Quincy Adams
---
"To mess up your Linux PC, you have to really work at it;
  to mess up a microsoft PC you just have to work on it."
---

Re: Getting hammered by backscatter - possible solution: vbounce ?

Posted by mouss <mo...@netoyen.net>.
Andy Spiegl wrote:
> [snip]
> 
> But I do agree with Karsten (or Guenther?) that we shouldn't raise the
> score.  

yes, vbounce does FP. Let's test:

nobody wrote:
 > I will be on vacation from 1/2/2345 to 6/7/8901.

will vbounce tag this message?

> But my problem is that I cannot explain to all of my users how
> to setup a filter for this SA-tag in their MUA or in smartsieve.  They
> either can't or don't want to know such deeply technical things. :-(
> 


Re: Getting hammered by backscatter - possible solution: vbounce ?

Posted by Andy Spiegl <sp...@br-online.de>.
On 2008-11-03, 13:02, Bob Kinney wrote:
> We set up server side filters for SPAM that users can enable or
> disable, is this something you could do in your environment?

Uhmmm...not easily I think.
We're using a combination of postfix and AMaViS.
I'd have to plug procmail in between somehow...

Thanks,
 Andy.

-- 
 No matter how long or how hard you shop for an item,
 after you've bought it, it will be on sale somewhere cheaper.

Re: Getting hammered by backscatter - possible solution: vbounce ?

Posted by Bob Kinney <bk...@hmdc.harvard.edu>.
> Uhmm... interesting.  What exactly might cause this?
> I tried to trigger this behaviour bouncing and forwarding mails from
> different accounts but never saw the __BOUNCE_RPATH_NULL tag.

Might just be our mail server software.  It's something we've worked around.

> But I do agree with Karsten (or Guenther?) that we shouldn't raise the
> score.  But my problem is that I cannot explain to all of my users how
> to setup a filter for this SA-tag in their MUA or in smartsieve.  They
> either can't or don't want to know such deeply technical things. :-(

We set up server side filters for SPAM that users can enable or disable, 
is this something you could do in your environment?  This would 
essentially remove the onus from your users to have to configure it 
client side.

Regards,
Bob

-- 
Earl (Bob) Kinney
Manager of Research Computing
Harvard-MIT Data Center

Re: Getting hammered by backscatter - possible solution: vbounce ?

Posted by Andy Spiegl <sp...@br-online.de>.
On 2008-11-03, 10:13, Bob Kinney wrote:

> but had one unfortunate side effect: E-mail forwarded from another
> account to an account on our servers was considered a "bounce"
> because it hit __BOUNCE_RPATH_NULL.

Uhmm... interesting.  What exactly might cause this?
I tried to trigger this behaviour bouncing and forwarding mails from
different accounts but never saw the __BOUNCE_RPATH_NULL tag.

> YMMV, so I recommend testing the rule with the default score
> (i.e. not using it to mark SPAM) first.
Yepp, that's what I started doing last week. :-)

But I do agree with Karsten (or Guenther?) that we shouldn't raise the
score.  But my problem is that I cannot explain to all of my users how
to setup a filter for this SA-tag in their MUA or in smartsieve.  They
either can't or don't want to know such deeply technical things. :-(

Thx,
 Andy.

-- 
 There is no challenge more challenging
 than the challenge to improve yourself.  -- Michael F. Staley

Re: Getting hammered by backscatter - possible solution: vbounce ?

Posted by Bob Kinney <bk...@hmdc.harvard.edu>.
>> We use zimbra OSS on SLES10 SP1. Zimbra has spamassassin
>> built-in. At the present time, my mailbox is filled with
>> backscatter; getting around 10 a minute since 4:30 today. I have
>> postfix backscatter rules in postfix of zimbra,
>> http://www.postfix.org/BACKSCATTER_README.html#real but still
>> getting pounded.
> 
> Shouldn't the vbounce ruleset help here?
> 
> I'm asking because me and my users have the same problem and I am
> currently considering giving the ANY_BOUNCE_MESSAGE a higher score
> but I am not sure yet whether it's a good idea or not.
> 
> How is your experience with vbounce?  Is it safe enough?
> (the ML archives don't show too many complaints...)
> 
> Anyone out there who raised the score of ANY_BOUNCE_MESSAGE
> and did not drown in user complaints? :-)

It certainly helped in my environment with the user requests, but had 
one unfortunate side effect: E-mail forwarded from another account to an 
account on our servers was considered a "bounce" because it hit 
__BOUNCE_RPATH_NULL.

I ended up modifying that rule as it didn't seem to hit any bounces that 
didn't already get hit by the other rules.  Otherwise vbounce does a 
reasonably good job of marking bounce messages.  If you don't have users 
forwarding into or out of your mail servers, then you probably don't 
have anything to worry about on that front.

If you're just filtering to another folder it won't really change the 
fact that messages are coming in though.  I've still had a couple of 
users complain about their SPAM folders getting 100s of bounce messages 
an hour, and in those cases I specifically ended up filtering the SPAM 
bounces to the bit bucket.

YMMV, so I recommend testing the rule with the default score (i.e. not 
using it to mark SPAM) first.

Regards,
Bob

-- 
Earl (Bob) Kinney
Manager of Research Computing
Harvard-MIT Data Center

Re: Getting hammered by backscatter - possible solution: vbounce ?

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Mon, 2008-11-03 at 15:57 +0100, Andy Spiegl wrote:
> Shouldn't the vbounce ruleset help here?

Yes, it does. :)


> I'm asking because me and my users have the same problem and I am
> currently considering giving the ANY_BOUNCE_MESSAGE a higher score
> but I am not sure yet whether it's a good idea or not.

It isn't. The question of "raising that score, treating bounces as spam,
and whether it works for others" has been answered a few times before.

General consensus is that backscatter is NOT spam. Everyone answering to
this question did not raise the score, but filters backscatter into a
dedicated mail folder. Treating them as spam is likely to poison your
Bayes DB. Moreover, as you seem to have noticed already, VBounce
identifies backscatter that does not contain the original spam.


VBounce is not intended to flag bounces as spam. Its purpose is to
identify and catch bounces. Hence the low score -- the only reason it
got a non-zero score is, because that would disable the rule. Please
check the archives for threads about the VBounce plugin or backscatter.

Now, here goes one of my favorite quotes, *yet* again:

$ grep -A 2 procmail /usr/share/spamassassin/20_vbounce.cf

# If you use this, set up procmail or your mail app to spot the
# "ANY_BOUNCE_MESSAGE" rule hits in the X-Spam-Status line, and move
# messages that match that to a 'vbounce' folder.


> How is your experience with vbounce?  Is it safe enough?
> (the ML archives don't show too many complaints...)

It is reasonably safe and quite efficient. Catches a hell of a lot of
backscatter for me. However, please do note that I have seen it hitting
on legitimate mail, though very rare. Also, some out-of-office auto
responses [1] are just impossible to catch.


> Anyone out there who raised the score of ANY_BOUNCE_MESSAGE
> and did not drown in user complaints? :-)

According to my memory and the archives:  No. :)

  guenther


[1] And other auto responses. "This email address has been shut down due
    to spam. Please use my new address..."  Don't you love those?

-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
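
Added example (not part of Karsten's message and not SpamAssassin code): the filing step that the 20_vbounce.cf comment describes, for setups without procmail. It reads only the top-level X-Spam-Status header, matches the rule name exactly, and keeps bounces out of the spam folder; the folder names, function names and sample messages are constructed.

```python
import email
import re
from email import policy

BOUNCE_RULE = "ANY_BOUNCE_MESSAGE"


def parse_spam_status(value):
    """Return (is_spam, set_of_rule_names) from an X-Spam-Status value."""
    # The tests= list is often folded after a comma; undo that first.
    value = re.sub(r",\s+", ",", str(value or ""))
    is_spam = value.lstrip().lower().startswith("yes")
    m = re.search(r"\btests=(\S*)", value)
    names = m.group(1).split(",") if m else []
    return is_spam, {n for n in names if n and n.lower() != "none"}


def route(raw_message):
    """Pick a folder: 'spam', 'vbounce' or 'inbox'."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    # Only the message's own header counts; headers quoted in a bounce body
    # (the returned original) are body text and are never consulted.
    is_spam, rules = parse_spam_status(msg.get("X-Spam-Status"))
    if is_spam:
        return "spam"
    if BOUNCE_RULE in rules:      # exact rule name, not a substring match
        return "vbounce"          # filed separately, not treated as spam
    return "inbox"


# Constructed sample messages.
SAMPLES = {
    "bounce": (
        "From: MAILER-DAEMON@mx.example.net\n"
        "To: chris@example.com\n"
        "Subject: Mail delivery failed: returning message to sender\n"
        "X-Spam-Status: No, score=0.1 required=5.0 tests=ANY_BOUNCE_MESSAGE,\n"
        "\tBOUNCE_MESSAGE autolearn=no version=3.2.5\n"
        "\n"
        "A message that you sent could not be delivered.\n"
    ),
    "ham_quoting_a_bounce": (
        "From: alice@example.org\n"
        "To: chris@example.com\n"
        "Subject: Fwd: odd bounce\n"
        "X-Spam-Status: No, score=-1.0 required=5.0 tests=none autolearn=ham\n"
        "\n"
        "X-Spam-Status: No, score=0.1 tests=ANY_BOUNCE_MESSAGE\n"
    ),
    "spam": (
        "From: seller@example.net\n"
        "To: chris@example.com\n"
        "Subject: cheap offer\n"
        "X-Spam-Status: Yes, score=12.3 required=5.0 tests=URIBL_BLACK\n"
        "\n"
        "buy now\n"
    ),
}


def sort_mail(samples):
    """Map each sample name to the folder it would be filed in."""
    return {name: route(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, folder in sort_mail(SAMPLES).items():
        print(f"{name:22} -> {folder}")
```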


Re: Getting hammered by backscatter - possible solution: vbounce ?

Posted by Andy Spiegl <sp...@br-online.de>.
On 2008-10-29, 18:44, Chris Arnold wrote:

> We use zimbra OSS on SLES10 SP1. Zimbra has spamassassin
> built-in. At the present time, my mailbox is filled with
> backscatter; getting around 10 a minute since 4:30 today. I have
> postfix backscatter rules in postfix of zimbra,
> http://www.postfix.org/BACKSCATTER_README.html#real but still
> getting pounded.

Shouldn't the vbounce ruleset help here?

I'm asking because me and my users have the same problem and I am
currently considering giving the ANY_BOUNCE_MESSAGE a higher score
but I am not sure yet whether it's a good idea or not.

How is your experience with vbounce?  Is it safe enough?
(the ML archives don't show too many complaints...)

Anyone out there who raised the score of ANY_BOUNCE_MESSAGE
and did not drown in user complaints? :-)

Thanks,
 Andy.

-- 
 There are so many ways to describe success, not the least of which
 is the way your child describes you when talking to a friend.

Re: Getting hammered by backscatter

Posted by Benny Pedersen <me...@junc.org>.
On Sun, November 2, 2008 22:18, mouss wrote:
>> that rbl long ago, also it's bad to see dsn go out to remote mtas is the
>> biggest problem mailerdaemons should stay local
> sorry, I don't understand the last part.

i explain badly sorry for that, but when mta bounces mailer daemons msg
outside the mta the config is badly broken

-- 
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098


Re: Getting hammered by backscatter

Posted by mouss <mo...@netoyen.net>.
Benny Pedersen wrote:
> On Sun, November 2, 2008 19:14, mouss wrote:
> 
>> PS. don't think SPF will help. this has been discussed here and
>> elsewhere before.
> 
> SPF helps if it's used from the sites that does use spf in mta stage, if not
> used it will turn over to be a backscatter site itself
> 

yes, but I don't have enough optimism to believe that sites that can't 
fix their backscatter problem will check SPF (or check anything!) before 
sending it ;-p

> that rbl listed sourceforge.net for backscatter, 

which is why the test is done at data stage instead of rcpt stage. if 
done at rcpt stage, it will block sites that do sender verification.

> that's why i stopped using
> that rbl long ago, also it's bad to see dsn go out to remote mtas is the
> biggest problem mailerdaemons should stay local
> 

sorry, I don't understand the last part.



Re: Getting hammered by backscatter

Posted by Benny Pedersen <me...@junc.org>.
On Sun, November 2, 2008 19:14, mouss wrote:

> PS. don't think SPF will help. this has been discussed here and
> elsewhere before.

SPF helps if it's used from the sites that does use spf in mta stage, if not
used it will turn over to be a backscatter site itself

that rbl listed sourceforge.net for backscatter, that's why i stopped using
that rbl long ago, also it's bad to see dsn go out to remote mtas is the
biggest problem mailerdaemons should stay local

-- 
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098


Re: Getting hammered by backscatter

Posted by mouss <mo...@netoyen.net>.
Sahil Tandon wrote:
> Matthias Leisi <ma...@leisi.net> wrote:
> 
>> mouss wrote:
>>
>>>>> reject_backscatter =
>>>>>     reject_rbl_client ips.backscatterer.org
>>>> Which will very likely result in a lot of false positives.
>>> an FP here would mostly be: a bounce from a 3d party that is listed on
>>> backscatterer.org. do you get a lot of such mail?
>> No, an FP is an FP. ips.backscatterer.org lists a lot of perfectly valid
>> mailservers, and outright blocking at the MTA with that list is a bad idea.
> 
> The above statement is true but does not address the context in which
> mouss suggests using the blacklist.  If you are checking IPs against the
> list *only* for bounces, the chances of FPs is immensely decreased.  He
> never suggested checking *all* connecting IPs against that list.
> 

Matthias has apparently missed the check_sender_access part. if not, I 
am curious to learn about these "lot of false positives". I don't see 
enough "wanted" bounces, so my view is obviously partial/biased.

Note that I am not saying the checks are safe. there will be FPs. so the 
checks should only be enabled in case of a bs storm, if ever (should 
have said so before. sorry for that).

PS. I personally don't use these checks at this time. not because of 
FPs, but because most bs I get is to "forwarded" addresses, when it's 
too late to reject.


Re: Getting hammered by backscatter

Posted by Sahil Tandon <sa...@tandon.net>.
Matthias Leisi <ma...@leisi.net> wrote:

> mouss wrote:
> 
> >>> reject_backscatter =
> >>>     reject_rbl_client ips.backscatterer.org
> >>
> >> Which will very likely result in a lot of false positives.
> > 
> > an FP here would mostly be: a bounce from a 3d party that is listed on
> > backscatterer.org. do you get a lot of such mail?
> 
> No, an FP is an FP. ips.backscatterer.org lists a lot of perfectly valid
> mailservers, and outright blocking at the MTA with that list is a bad idea.

The above statement is true but does not address the context in which
mouss suggests using the blacklist.  If you are checking IPs against the
list *only* for bounces, the chances of FPs is immensely decreased.  He
never suggested checking *all* connecting IPs against that list.

-- 
Sahil Tandon <sa...@tandon.net>

Re: Getting hammered by backscatter

Posted by Matthias Leisi <ma...@leisi.net>.
mouss wrote:

>>> reject_backscatter =
>>>     reject_rbl_client ips.backscatterer.org
>>
>> Which will very likely result in a lot of false positives.
> 
> an FP here would mostly be: a bounce from a 3d party that is listed on
> backscatterer.org. do you get a lot of such mail?

No, an FP is an FP. ips.backscatterer.org lists a lot of perfectly valid
mailservers, and outright blocking at the MTA with that list is a bad idea.

-- Matthias

Re: Getting hammered by backscatter

Posted by mouss <mo...@netoyen.net>.
Matthias Leisi wrote:
> mouss wrote:
> 
>> reject_backscatter =
>>     reject_rbl_client ips.backscatterer.org
> 
> Which will very likely result in a lot of false positives.
> 

an FP here would mostly be: a bounce from a 3d party that is listed on 
backscatterer.org. do you get a lot of such mail?

Re: Getting hammered by backscatter

Posted by Matthias Leisi <ma...@leisi.net>.
mouss wrote:

> reject_backscatter =
>     reject_rbl_client ips.backscatterer.org

Which will very likely result in a lot of false positives.

-- Matthias


Re: Getting hammered by backscatter

Posted by mouss <mo...@netoyen.net>.
Chris Arnold wrote:
> We use zimbra OSS on SLES10 SP1. Zimbra has spamassassin built-in. At 
> the present time, my mailbox is filled with backscatter; getting around 
> 10 a minute since 4:30 today. I have postfix backscatter rules in 
> postfix of zimbra, 
> http://www.postfix.org/BACKSCATTER_README.html#real but still getting 
> pounded. Here is the header from one such mail:
> 
> This message was created automatically by mail delivery software.
> 
> A message that you sent could not be delivered to one or more of its
> recipients. This is a permanent error. The following address(es) failed:
> 
>  marykiev@tm.odessa.ua
>    SMTP error from remote mail server after RCPT 
> TO:<ma...@tm.odessa.ua>:
>    host relay1.tm.odessa.ua [195.66.204.50]: 511 sorry, no mailbox here 
> by that name (#5.1.1 - chkuser)
> 
> ------ This is a copy of the message, including all the headers. ------
> 
> Return-path: <em...@moderated.com>
> Received: from chello089074205165.chello.pl ([89.74.205.165])
>     by wifi-router.tm.odessa.ua with esmtp (Exim 4.69 (FreeBSD))
>     (envelope-from <em...@moderated.com>)
>     id 1KvJP6-000Eho-L0
>     for marykiev@tm.odessa.ua; Thu, 30 Oct 2008 00:20:42 +0200
> Message-ID: <00...@weuwrbe>
> From: =?koi8-r?B?4c3X0s/Tycog4czT2c7Cwco=?= <em...@moderated.com>
> To: <ma...@tm.odessa.ua>
> Subject: =?koi8-r?B?5dfSz9DFytPLwdEgzsXExczRIMvB3sXT1NfB?=
> Date: Wed, 29 Oct 2008 20:30:54 +0000
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
>     boundary="----=_NextPart_000_0004_01C93A14.03BA381D"
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2720.3000
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300
> 
> This is a multi-part message in MIME format.
> 
> ------=_NextPart_000_0004_01C93A14.03BA381D
> Content-Type: text/plain;
>     charset="koi8-r"
> Content-Transfer-Encoding: quoted-printable
> 
> Can someone please help me stop this? A while back, there was a thread 
> that pointed to a website, backscatter.org or something like that, that 
> we used that since the upgrade did a wonderful job. Anyone remember that 
> web site?
> 
> 


you could try

smtpd_restriction_classes =
	...
	reject_backscatter

smtpd_data_restrictions =
	check_sender_access pcre:/etc/postfix/bounce_access

reject_backscatter =
	reject_rbl_client ips.backscatterer.org

== bounce_access
# the null sender is looked up as "<>" (smtpd_null_access_lookup_key default)
/^<>$/			reject_backscatter
/^mailer\-daemon/	reject_backscatter
/^postmaster@/		reject_backscatter

the check is done at DATA stage to avoid blocking (the abusive) SAV 
probes (CBV, callout verification, ... or whatever you name it).


note that this will reject "legitimate" bounces if they are sent from a 
client listed on backscatterer.

PS. don't think SPF will help. this has been discussed here and 
elsewhere before.

RE: Getting hammered by backscatter

Posted by RobertH <ro...@abbacomm.net>.
 

> how can anyone solve anything when postmasters cant talk together ?
> 
> doh
> 
> 
> --
> Benny Pedersen
>
*snip* advertisement and link

benny,

do you trust emails from some postmaster at some domain and spend lots of
time answering them?

yeah, right.

and btw benny, please stop spamming us w/ the need more webspace ads
please???

DOH!

 - rh


Re: Getting hammered by backscatter

Posted by Michelle Konzack <li...@tamay-dogan.net>.
On 2008-11-07 21:27:17, Benny Pedersen wrote:
> how can anyone solve anything when postmasters cant talk together ?

IF there are legitimate "postmaster" messages from serious domains, they
will go through...  But I do not like to communicate with postmaster from
domains bombing me.

Please note that my cache currently holds 4783 domains, where only 431
are actively blocked because in the last 7 days they have sent me at
least 5 backscatters...

So I do NOT blindly block someone.
It is a question of responsibility.

Also, if someone REALLY wants to contact me, they can go to my website and
the link "Contact" is VERY well visible, including a real E-Mail.

Thanks, Greetings and nice Day/Evening
    Michelle Konzack
    Systemadministrator
    24V Electronic Engineer
    Tamay Dogan Network
    Debian GNU/Linux Consultant


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack   Apt. 917                  ICQ #328449886
+49/177/9351947    50, rue de Soultz         MSN LinuxMichi
+33/6/61925193     67100 Strasbourg/France   IRC #Debian (irc.icq.com)

Re: Getting hammered by backscatter

Posted by Sahil Tandon <sa...@tandon.net>.
Benny Pedersen <me...@junc.org> wrote:

> On Fri, November 7, 2008 19:31, mouss wrote:
> 
> >>> postmaster@
> >> http://rfc-ignorant.org/policy-postmaster.php
> > the rfci policy applies to postmaster as a recipient. nobody can force
> > you to accept mail _from_ postmaster.
> 
> how can anyone solve anything when postmasters cant talk together ?

You miss the point; your link was not appropriate to the question and
mouss simply indicated that.  

-- 
Sahil Tandon <sa...@tandon.net>

Re: Getting hammered by backscatter

Posted by mouss <mo...@netoyen.net>.
Benny Pedersen wrote:
> On Fri, November 7, 2008 19:31, mouss wrote:
> 
>>>> postmaster@

so Michelle said she rejects mail from postmaster@ from specific clients.

>>> http://rfc-ignorant.org/policy-postmaster.php

you cited rfci which is irrelevant here.

>> the rfci policy applies to postmaster as a recipient. nobody can force
>> you to accept mail _from_ postmaster.
> 
> how can anyone solve anything when postmasters cant talk together ?

I don't care if "anyone" or "postmasters" have something to solve or 
want to talk to Gether. There is no one by that name here ;-p

you can reach postmaster here. but we reserve the right to block clients 
based on policy criteria (such as being listed in zen, rfci, ... etc).

but this doesn't mean we will accept mail from postmaster as something 
special. It's actually the opposite. mail from postmaster may be 
confused with backscatter. and we don't do much effort to protect 
against this because we believe such mail is rare enough to not justify 
any special treatment.



Re: Getting hammered by backscatter

Posted by Benny Pedersen <me...@junc.org>.
On Fri, November 7, 2008 19:31, mouss wrote:

>>> postmaster@
>> http://rfc-ignorant.org/policy-postmaster.php
> the rfci policy applies to postmaster as a recipient. nobody can force
> you to accept mail _from_ postmaster.

how can anyone solve anything when postmasters cant talk together ?

doh


-- 
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098


Re: Getting hammered by backscatter

Posted by mouss <mo...@netoyen.net>.
Benny Pedersen wrote:
> On Fri, November 7, 2008 03:33, Michelle Konzack wrote:
> 
>> I am rejecting ANY (!!!) messages coming from <*.ru> and <*.ua>  domains
>> where the "From:"  header is from:
>>
>>         MAILER-DAEMON@
> 
> ok
> 
>>         postmaster@
> 
> http://rfc-ignorant.org/policy-postmaster.php

the rfci policy applies to postmaster as a recipient. nobody can force 
you to accept mail _from_ postmaster.


> 
>>         noreply@
>>         no-reply@
> 
> ok
> 
> 


Re: Getting hammered by backscatter

Posted by Benny Pedersen <me...@junc.org>.
On Fri, November 7, 2008 03:33, Michelle Konzack wrote:

> I am rejecting ANY (!!!) messages coming from <*.ru> and <*.ua>  domains
> where the "From:"  header is from:
>
>         MAILER-DAEMON@

ok

>         postmaster@

http://rfc-ignorant.org/policy-postmaster.php

>         noreply@
>         no-reply@

ok


-- 
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098


Re: Getting hammered by backscatter

Posted by Michelle Konzack <li...@tamay-dogan.net>.
Hi Chris.

I have gotten over 200.000 of them with more than 2700 MByte...
Now it is reduced to less than 200 backscatter per day.

I am rejecting ANY (!!!) messages coming from <*.ru> and <*.ua>  domains
where the "From:"  header is from:

        MAILER-DAEMON@
        postmaster@
        noreply@
        no-reply@

Thanks, Greetings and nice Day/Evening
    Michelle Konzack
    Systemadministrator
    24V Electronic Engineer
    Tamay Dogan Network
    Debian GNU/Linux Consultant


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack   Apt. 917                  ICQ #328449886
+49/177/9351947    50, rue de Soultz         MSN LinuxMichi
+33/6/61925193     67100 Strasbourg/France   IRC #Debian (irc.icq.com)