Posted to users@spamassassin.apache.org by Arvid Picciani <ae...@exys.org> on 2009/06/25 23:53:38 UTC
backscatter (was Re: casper@snigelpost.org bounces?)
Charles Gregory wrote:
> On Thu, 25 Jun 2009, Arvid Picciani wrote:
>> I started blocking some backscattering hosts and would like to inform
>> them how to fix the issue.
>
> I still welcome suggestions for handling the few remaining cases where
> my procmail chokes on a mailbox limit. Probably more of a PM question
> than an SA question, but seeing how the cause for concern is
> backscatter from 'full mailbox' DSN's I'm figuring the answer is here,
> if anywhere....
>
> - C
I didn't exactly understand which of the two possible questions you
asked (yeah, not a native speaker :/ ) so I'll try both:

1) Your MTA bounces, because your users' mailboxes are full.
Defer (temporary reject) the message at SMTP time, so the sending MTA
retries a few times and ultimately gives up, informing the REAL sender.
(You could also reject permanently, if you want that.)
If you absolutely can't fix the MTA, at least check the SPF before
bouncing. If the SPF doesn't match the sender, don't send a bounce.
Same for DKIM. Also don't bounce spam.
Note that backscatter can actually get you blacklisted if you bounce to
traps.

2) You're receiving backscatter and you get "mailbox full" DSNs.
I find it impossible to parse DSNs. There is no standard and it's
supposed to be human readable.
For now I block mail from postmaster/bounce-*/MAILER-DAEMON/... from
listed (known misconfigured) hosts. I had to firewall two very
aggressive hosts though ("normal" hosts!)
This blocks legitimate DSNs so it might not be the solution for everyone.
Backscatter.org is far from complete, so I'm working on a trap. Thanks
to one of our domains being joe jobbed (and not receiving legitimate DSNs,
since we don't use it anymore) I can get around 100 hosts per day listed.
Unfortunately I lack the infrastructure to make it useful for the
public, and backscatter.org has no report form.
Re: backscatter (was Re: casper@snigelpost.org bounces?)
Posted by Charles Gregory <cg...@hwcn.org>.
On Thu, 25 Jun 2009, Arvid Picciani wrote:
>> I still welcome suggestions for handling the few remaining cases where my
>> procmail chokes on a mailbox limit. Probably more of a PM question than an
>> SA question, but seeing how the cause for concern is backscatter from
>> 'full mailbox' DSN's I'm figuring the answer is here, if anywhere....
> 1) your MTA bounces, because your users' mailboxes are full.
Of the two questions, this one is closest, but it's not the MTA that
generates the bounce. The MTA has handed off the message for delivery to
individual recipients after accepting the DATA. Procmail encounters the
full mailbox and signals the MTA.
My MTA checks for mailboxes that are *already* over quota while dealing
with individual 'RCPT_TO' commands. The problem comes after I receive DATA
and know the size of the mail. At this point the only actions my MTA can
take are for ALL recipients. I can't reject mail just for *one* recipient
with a (nearly) full mailbox. The only 'workaround' for this would be to
have my MTA enforce individual recipients by returning a 4xx code for
second and subsequent recipients. Mind you, this might actually help with
some spam, but it would also add to bandwidth for ALL legitimate mail with
multiple recipients, forcing transmission of the data/body for each one.
> 2) You're receiving backscatter and you get "mailbox full" DSNs
> I find it impossible to parse DSNs. There is no standard and its
> supposed to be human readable.
This wasn't my question, but I have a 'fairly good' answer for it:
I do a body check for a quoted From line that has the wrong 'name' in
front of my address.... Eg. "From: Bob Kenny <ch...@hwcn.org>...
- Charles
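
The body check described in the reply above (a quoted From line carrying a local address behind a display name its owner never uses), sketched as an added example that is not part of the original thread. The `KNOWN_SENDERS` table, the function names and the sample DSN text are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Hypothetical table: each local address and the display names it really sends with.
KNOWN_SENDERS = {"alice@example.org": {"Alice Example"}}

# A From: header quoted inside a bounce body, with optional "> " quoting in front.
FROM_LINE = re.compile(r"^[>\s]*From:[ \t]*(.+)$", re.IGNORECASE | re.MULTILINE)


def forged_from_lines(body, known=KNOWN_SENDERS):
    """Return (display name, address) pairs where one of our addresses
    appears behind a display name its owner never uses."""
    hits = []
    for match in FROM_LINE.finditer(body):
        name, addr = parseaddr(match.group(1).strip())
        addr = addr.lower()
        if addr not in known or not name:
            # Not our address, or no display name to compare: cannot decide.
            continue
        real_names = {n.casefold() for n in known[addr]}
        if name.casefold() not in real_names:
            hits.append((name, addr))
    return hits


def is_backscatter(body, known=KNOWN_SENDERS):
    """True when the bounce quotes a message we did not send."""
    return bool(forged_from_lines(body, known))


# Constructed sample: a "mailbox full" DSN quoting spam forged with our address.
FORGED_DSN = """\
Your message could not be delivered: mailbox is full.

--- Original message headers ---
> From: Bob Kenny <alice@example.org>
> To: someone@example.net
> Subject: cheap watches
"""
# Constructed sample: the same DSN for a message the real user sent.
LEGIT_DSN = FORGED_DSN.replace("Bob Kenny", "Alice Example")

if __name__ == "__main__":
    print(forged_from_lines(FORGED_DSN))
    print(is_backscatter(LEGIT_DSN))
```

A bounce that quotes only the bare address, or that does not quote the original headers at all, passes this check unflagged, so it catches only part of the backscatter.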