You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Jason Bertoch <ja...@i6ix.com> on 2010/01/13 15:39:34 UTC
[Fwd: Delivery Status Notification (Failure)]
Can a list admin disable the SpamAssassin@hundredacrewood.willspc.net
account as we're still getting bounces?
-------- Original Message --------
Subject: Delivery Status Notification (Failure)
Date: Wed, 13 Jan 2010 09:36:54 -0500
From: Administrator <Ad...@willspc.net>
To: Jason Bertoch <ja...@i6ix.com>
Your message
To: SpamAssassin
Subject: Re: SA not picking up rules from /var/lib/spamassassin/
Sent: Wed, 13 Jan 2010 09:36:54 -0500
did not reach the following recipient(s):
SpamAssassin on Wed, 13 Jan 2010 09:36:54 -0500
The e-mail account does not exist at the organization this message
was sent to. Check the e-mail address, or contact the recipient
directly to find out the correct address.
<willspc.net #5.1.1>
Re: [Fwd: Delivery Status Notification (Failure)]
Posted by Martin Gregorie <ma...@gregorie.org>.
On Tue, 2010-01-19 at 21:48 +0100, mouss wrote:
> Jason Bertoch a écrit :
> > This is an list administration problem, not something that every poster
> > here should have to fix locally.
>
> Unfortunately, that's only partially true.
>
> - if the problem is at the "MTA" side, then it will show again and
> again, with many different subscribers. In this case, the MTA operator
> should fix the problem. and if this doesn't happen, then he should be
> considered as part of the problem: blacklist the operator.
>
>>From a look at the bounce messages I got before writing a rule to bin
them, the problem is that the site used to have a Spamassassin user,
which was subscribed to this list but no longer has one. Maybe their SA
guy left and in a fit of overenthusiasm their sysadmins deleted the
Spamassassin user along with the guy's other account(s) but forgot to
cancel the list subscription. At least, that's my take on it.
If I'm right the best thing to do is to unsubscribe them, maybe after
sending a warning to their abuse mailbox. If nobody there cares about SA
then thats job done. If anybody is interested, they can resubscribe.
Martin
Re: [Fwd: Delivery Status Notification (Failure)]
Posted by mouss <mo...@ml.netoyen.net>.
Jason Bertoch a écrit :
> On 1/18/2010 6:38 PM, mouss wrote:
>> David B Funk a écrit :
>>> On Wed, 13 Jan 2010, Jason Bertoch wrote:
>>>
>>>> Can a list admin disable the SpamAssassin@hundredacrewood.willspc.net
>>>> account as we're still getting bounces?
>>>>
>>>>
>>>> -------- Original Message --------
>>>> Subject: Delivery Status Notification (Failure)
>>>> Date: Wed, 13 Jan 2010 09:36:54 -0500
>>>> From: Administrator <Ad...@willspc.net>
>>>> To: Jason Bertoch <ja...@i6ix.com>
>>>>
>>>> Subject: Re: SA not picking up rules from /var/lib/spamassassin/
>>>> Sent: Wed, 13 Jan 2010 09:36:54 -0500
>>>>
>>>> did not reach the following recipient(s):
>>> [snip..]
>>>
>>
>> As far as I can tell, the major open source MTAs implement access
>> control. so you don't really need calling SA for this.
>>
>
> This is an list administration problem, not something that every poster
> here should have to fix locally.
Unfortunately, that's only partially true.
- if the problem is at the "MTA" side, then it will show again and
again, with many different subscribers. In this case, the MTA operator
should fix the problem. and if this doesn't happen, then he should be
considered as part of the problem: blacklist the operator.
- if the problem is in the user config, then yes, unsubscribing him will
help, until he subscribes again (possibly with a new address).
That said, I agree that the user should be unsusbcribed. But that's not
always easy: the bounce doesn't necessary tell the subscriber (when mail
is forwarded, you get the bounce for the forwarded-to address...). and
VERP doesn't help here since the borked setup sends the bounce to the
From: header. (one solution is to send mail with a "VERP FROM:" header
to detect which one causes the bounce)... sigh!
Re: [Fwd: Delivery Status Notification (Failure)]
Posted by Jason Bertoch <ja...@i6ix.com>.
On 1/18/2010 6:38 PM, mouss wrote:
> David B Funk a écrit :
>> On Wed, 13 Jan 2010, Jason Bertoch wrote:
>>
>>> Can a list admin disable the SpamAssassin@hundredacrewood.willspc.net
>>> account as we're still getting bounces?
>>>
>>>
>>> -------- Original Message --------
>>> Subject: Delivery Status Notification (Failure)
>>> Date: Wed, 13 Jan 2010 09:36:54 -0500
>>> From: Administrator <Ad...@willspc.net>
>>> To: Jason Bertoch <ja...@i6ix.com>
>>>
>>> Subject: Re: SA not picking up rules from /var/lib/spamassassin/
>>> Sent: Wed, 13 Jan 2010 09:36:54 -0500
>>>
>>> did not reach the following recipient(s):
>> [snip..]
>>
>
> As far as I can tell, the major open source MTAs implement access
> control. so you don't really need calling SA for this.
>
This is an list administration problem, not something that every poster
here should have to fix locally.
Re: [Fwd: Delivery Status Notification (Failure)]
Posted by mouss <mo...@ml.netoyen.net>.
David B Funk a écrit :
> On Wed, 13 Jan 2010, Jason Bertoch wrote:
>
>> Can a list admin disable the SpamAssassin@hundredacrewood.willspc.net
>> account as we're still getting bounces?
>>
>>
>> -------- Original Message --------
>> Subject: Delivery Status Notification (Failure)
>> Date: Wed, 13 Jan 2010 09:36:54 -0500
>> From: Administrator <Ad...@willspc.net>
>> To: Jason Bertoch <ja...@i6ix.com>
>>
>> Subject: Re: SA not picking up rules from /var/lib/spamassassin/
>> Sent: Wed, 13 Jan 2010 09:36:54 -0500
>>
>> did not reach the following recipient(s):
> [snip..]
>
> Just added the following to my SA rules:
>
> # deal with borked Administrator@willspc.net 1/14/10
> header L_BORKED_WILLSPC From:raw =~ /"Administrator" <Administrator\@willspc\.net>/
> describe L_BORKED_WILLSPC Brain-Dead mail site
> score L_BORKED_WILLSPC 100.0
>
> Since I run SA at my incoming MTA and SMTP reject anything with a score
> over 20, I don't see them anymore. ;)
>
As far as I can tell, the major open source MTAs implement access
control. so you don't really need calling SA for this.
for example, with postfix:
smtpd_client_restrictions =
check_client_access cidr:/etc/postfix/kill_client.cidr
check_sender_access cdb:/etc/postfix/killdom
check_helo_access cdb:/etc/postfix/killdom
check_reverse_client_hostname_access cdb:/etc/postfix/killdom
== killdom
willspc.net REJECT backscatter source
.willspc.net REJECT backscatter source
wnahosting.com REJECT backscatter source
.wnahosting.com REJECT backscatter source
== kill_client.cidr
66.194.243.3 REJECT backscatter source
yes, you can add 66.194.243.3 to your firewall kill list....
Re: [Fwd: Delivery Status Notification (Failure)]
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> On Wed, 13 Jan 2010, Jason Bertoch wrote:
> > Can a list admin disable the SpamAssassin@hundredacrewood.willspc.net
> > account as we're still getting bounces?
[...]
> > From: Administrator <Ad...@willspc.net>
On 13.01.10 22:41, David B Funk wrote:
> Just added the following to my SA rules:
>
> # deal with borked Administrator@willspc.net 1/14/10
> header L_BORKED_WILLSPC From:raw =~ /"Administrator" <Administrator\@willspc\.net>/
> describe L_BORKED_WILLSPC Brain-Dead mail site
> score L_BORKED_WILLSPC 100.0
>
> Since I run SA at my incoming MTA and SMTP reject anything with a score
> over 20, I don't see them anymore. ;)
Is there anything bad about blacklist_from configuration option?
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
My mind is like a steel trap - rusty and illegal in 37 states.
Re: [Fwd: Delivery Status Notification (Failure)]
Posted by David B Funk <db...@engineering.uiowa.edu>.
On Wed, 13 Jan 2010, Jason Bertoch wrote:
>
> Can a list admin disable the SpamAssassin@hundredacrewood.willspc.net
> account as we're still getting bounces?
>
>
> -------- Original Message --------
> Subject: Delivery Status Notification (Failure)
> Date: Wed, 13 Jan 2010 09:36:54 -0500
> From: Administrator <Ad...@willspc.net>
> To: Jason Bertoch <ja...@i6ix.com>
>
> Subject: Re: SA not picking up rules from /var/lib/spamassassin/
> Sent: Wed, 13 Jan 2010 09:36:54 -0500
>
> did not reach the following recipient(s):
[snip..]
Just added the following to my SA rules:
# deal with borked Administrator@willspc.net 1/14/10
header L_BORKED_WILLSPC From:raw =~ /"Administrator" <Administrator\@willspc\.net>/
describe L_BORKED_WILLSPC Brain-Dead mail site
score L_BORKED_WILLSPC 100.0
Since I run SA at my incoming MTA and SMTP reject anything with a score
over 20, I don't see them anymore. ;)
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
Re: [Fwd: Delivery Status Notification (Failure)]
Posted by Kai Schaetzl <ma...@conactive.com>.
Christian Brel wrote on Wed, 13 Jan 2010 14:49:04 +0000:
> I found dropping the whole: 66.192.0.0/14 in iptables solved this for
> me
sure, but the point is that this idiot should get unsubscribed.
Kai
--
Get your web at Conactive Internet Services: http://www.conactive.com
Re: [Fwd: Delivery Status Notification (Failure)]
Posted by mouss <mo...@ml.netoyen.net>.
jdow a écrit :
> From: "Christian Brel" <br...@copperproductions.co.uk>
> Sent: Wednesday, 2010/January/13 07:40
>
>
>> On Wed, 13 Jan 2010 16:17:31 +0100
>> Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:
>>
>>> > On Wed, 13 Jan 2010 09:39:34 -0500
>>> > Jason Bertoch <ja...@i6ix.com> wrote:
>>> > > Can a list admin disable the
>>> > > SpamAssassin@hundredacrewood.willspc.net account as we're still
>>> > > getting bounces?
>>>
>>> On 13.01.10 14:49, Christian Brel wrote:
>>> > I found dropping the whole: 66.192.0.0/14 in iptables solved this
>>> > for me :-) Seen lots of connection attempts, but hey ho....
>>>
>>> I recomment not to drop whole IP ranges unless you know you need to.
>>> You can block important mail that way
>>
>>
>> Not from that range I wont :-)
>
> Is it yours?
>
Does my IP belong to your provider?
it is amazing to see people complain about us droping traffic from noise
sources, when they happily hide behind providers who drop mail using
arbitrary measures...
I did add 66.194.243.3 to my firewall config (I also added related
domains to my postfix reject list). if I get more from the same range,
I'll drop the whole range.
Re: [Fwd: Delivery Status Notification (Failure)]
Posted by jdow <jd...@earthlink.net>.
From: "Christian Brel" <br...@copperproductions.co.uk>
Sent: Wednesday, 2010/January/13 07:40
> On Wed, 13 Jan 2010 16:17:31 +0100
> Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:
>
>> > On Wed, 13 Jan 2010 09:39:34 -0500
>> > Jason Bertoch <ja...@i6ix.com> wrote:
>> > > Can a list admin disable the
>> > > SpamAssassin@hundredacrewood.willspc.net account as we're still
>> > > getting bounces?
>>
>> On 13.01.10 14:49, Christian Brel wrote:
>> > I found dropping the whole: 66.192.0.0/14 in iptables solved this
>> > for me :-) Seen lots of connection attempts, but hey ho....
>>
>> I recomment not to drop whole IP ranges unless you know you need to.
>> You can block important mail that way
>
>
> Not from that range I wont :-)
Is it yours?
{^_^}
Re: [Fwd: Delivery Status Notification (Failure)]
Posted by Christian Brel <br...@copperproductions.co.uk>.
On Wed, 13 Jan 2010 16:17:31 +0100
Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:
> > On Wed, 13 Jan 2010 09:39:34 -0500
> > Jason Bertoch <ja...@i6ix.com> wrote:
> > > Can a list admin disable the
> > > SpamAssassin@hundredacrewood.willspc.net account as we're still
> > > getting bounces?
>
> On 13.01.10 14:49, Christian Brel wrote:
> > I found dropping the whole: 66.192.0.0/14 in iptables solved this
> > for me :-) Seen lots of connection attempts, but hey ho....
>
> I recomment not to drop whole IP ranges unless you know you need to.
> You can block important mail that way
Not from that range I wont :-)
Re: [Fwd: Delivery Status Notification (Failure)]
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> On Wed, 13 Jan 2010 09:39:34 -0500
> Jason Bertoch <ja...@i6ix.com> wrote:
> > Can a list admin disable the SpamAssassin@hundredacrewood.willspc.net
> > account as we're still getting bounces?
On 13.01.10 14:49, Christian Brel wrote:
> I found dropping the whole: 66.192.0.0/14 in iptables solved this for
> me :-) Seen lots of connection attempts, but hey ho....
I recomment not to drop whole IP ranges unless you know you need to.
You can block important mail that way
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I drive way too fast to worry about cholesterol.
Re: [Fwd: Delivery Status Notification (Failure)]
Posted by Christian Brel <br...@copperproductions.co.uk>.
On Wed, 13 Jan 2010 09:39:34 -0500
Jason Bertoch <ja...@i6ix.com> wrote:
>
> Can a list admin disable the SpamAssassin@hundredacrewood.willspc.net
> account as we're still getting bounces?
>
>
> -------- Original Message --------
> Subject: Delivery Status Notification (Failure)
> Date: Wed, 13 Jan 2010 09:36:54 -0500
> From: Administrator <Ad...@willspc.net>
> To: Jason Bertoch <ja...@i6ix.com>
>
> Your message
>
> To: SpamAssassin
> Subject: Re: SA not picking up rules from /var/lib/spamassassin/
> Sent: Wed, 13 Jan 2010 09:36:54 -0500
>
> did not reach the following recipient(s):
>
> SpamAssassin on Wed, 13 Jan 2010 09:36:54 -0500
> The e-mail account does not exist at the organization this message
> was sent to. Check the e-mail address, or contact the recipient
> directly to find out the correct address.
> <willspc.net #5.1.1>
>
I found dropping the whole: 66.192.0.0/14 in iptables solved this for
me :-) Seen lots of connection attempts, but hey ho....