Posted to users@spamassassin.apache.org by John Hardin <jh...@impsec.org> on 2009/06/25 19:09:47 UTC
casper@snigelpost.org bounces?
Is anybody else getting bounces on mail they send to the list from
casper@snigelpost.org?
If so, can we get him unsubscribed?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Phobias should not be the basis for laws.
-----------------------------------------------------------------------
9 days until the 233rd anniversary of the Declaration of Independence
Re: backscatter (was Re: casper@snigelpost.org bounces?)
Posted by Charles Gregory <cg...@hwcn.org>.
On Thu, 25 Jun 2009, Arvid Picciani wrote:
>> I still welcome suggestions for handling the few remaining cases where my
>> procmail chokes on a mailbox limit. Probably more of a PM question than an
>> SA question, but seeing how the cause for concern is backscatter from
>> 'full mailbox' DSN's I'm figuring the answer is here, if anywhere....
> 1) your MTA bounces, because your users' mailboxes are full.
Of the two questions, this one is closest, but it's not the MTA that
generates the bounce. The MTA has handed off the message for delivery to
individual recipients after accepting the DATA. Procmail encounters the
full mailbox and signals the MTA.
My MTA checks for mailboxes that are *already* over quota while dealing
with individual 'RCPT_TO' commands. The problem comes after I receive DATA
and know the size of the mail. At this point the only actions my MTA can
take are for ALL recipients. I can't reject mail just for *one* recipient
with a (nearly) full mailbox. The only 'workaround' for this would be to
have my MTA enforce individual recipients by returning a 4xx code for
second and subsequent recipients. Mind you, this might actually help with
some spam, but it would also add to bandwidth for ALL legitimate mail with
multiple recipients, forcing transmission of the data/body for each one.
> 2) You're receiving backscatter and you get "mailbox full" DSNs
> I find it impossible to parse DSNs. There is no standard and it's
> supposed to be human readable.
This wasn't my question, but I have a 'fairly good' answer for it:
I do a body check for a quoted From line that has the wrong 'name' in
front of my address.... E.g. "From: Bob Kenny <ch...@hwcn.org>...
- Charles
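The body check described in the message above, sketched as an added example (not code from the thread): it scans the body of a bounce for a quoted From: line that pairs our address with a display name we never use. `MY_ADDRESS`, `MY_NAMES` and both sample bounces are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Assumptions: our own address and the display names we really send with.
MY_ADDRESS = "user@example.org"
MY_NAMES = {"", "example user"}

# A From: line quoted in the bounce body, optionally prefixed with "> ".
QUOTED_FROM = re.compile(r"^[> \t]*From:[ \t]*(.+)$", re.IGNORECASE | re.MULTILINE)


def forged_quoted_from(raw_message):
    """Return (name, addr) pairs where our address carries a foreign name."""
    # Only the body is searched; the bounce's own header From: is skipped.
    _, _, body = raw_message.replace("\r\n", "\n").partition("\n\n")
    hits = []
    for match in QUOTED_FROM.finditer(body):
        name, addr = parseaddr(match.group(1))
        if addr.lower() == MY_ADDRESS and name.strip().lower() not in MY_NAMES:
            hits.append((name, addr))
    return hits


# Constructed sample: bounce for a message we never sent (forged sender).
FORGED_DSN = """\
From: MAILER-DAEMON@mail.example.net
To: user@example.org
Subject: Undelivered Mail Returned to Sender

The mailbox of <someone@example.net> is full.

--- Original message headers ---
From: Bob Kenny <user@example.org>
To: someone@example.net
Subject: cheap pills
"""

# Constructed sample: bounce for a message we really did send.
GENUINE_DSN = FORGED_DSN.replace("Bob Kenny", '"Example User"')

if __name__ == "__main__":
    print("forged: ", forged_quoted_from(FORGED_DSN))
    print("genuine:", forged_quoted_from(GENUINE_DSN))
```

A hit only says the quoted sender name is not ours; bounces that quote no original headers at all pass through unflagged.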
backscatter (was Re: casper@snigelpost.org bounces?)
Posted by Arvid Picciani <ae...@exys.org>.
Charles Gregory wrote:
> On Thu, 25 Jun 2009, Arvid Picciani wrote:
>> I started blocking some backscattering hosts and would like to inform
>> them how to fix the issue.
>
> I still welcome suggestions for handling the few remaining cases where
> my procmail chokes on a mailbox limit. Probably more of a PM question
> than an SA question, but seeing how the cause for concern is
> backscatter from 'full mailbox' DSN's I'm figuring the answer is here,
> if anywhere....
>
> - C
I didn't exactly understand which of the two possible questions you
asked (yeah, not native speaker :/ ) so I'll try both:
1) your MTA bounces, because your users' mailboxes are full.
Defer (temporary reject) the message at SMTP time, so the sending MTA
retries a few times and ultimately gives up, informing the REAL sender.
(you could also reject permanently, if you want that)
If you absolutely can't fix the MTA, at least check the SPF before
bouncing. If the SPF doesn't match the sender, don't send a bounce.
Same for DKIM. Also don't bounce spam.
Note that backscatter can actually get you blacklisted if you bounce to
traps.
2) You're receiving backscatter and you get "mailbox full" DSNs
I find it impossible to parse DSNs. There is no standard and it's
supposed to be human readable.
For now I block mail from postmaster/bounce-*/MAILER-DAEMON/... from
listed (known misconfigured) hosts. I had to firewall two very
aggressive hosts though ("normal" hosts!)
This blocks legitimate DSNs, so it might not be the solution for everyone.
Backscatter.org is far from complete, so I'm working on a trap. Thanks
to one of our domains being joe jobbed (and not receiving legitimate DSNs,
since we don't use it anymore) I can get around 100 hosts per day listed.
Unfortunately I lack the infrastructure to make it useful for the
public, and backscatter.org has no report form.
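Deferring at SMTP time instead of bouncing later, combined with the one-recipient-per-transaction workaround raised in the reply to this message, as an added example (a simulation, not any MTA's own code). The quota table, the class and function names, and the specific reply codes chosen here are assumptions.

```python
# Constructed quota table: recipient -> (bytes used, bytes allowed).
QUOTA = {
    "alice@example.org": (9_500_000, 10_000_000),
    "bob@example.org": (1_000_000, 10_000_000),
    "carol@example.org": (10_000_000, 10_000_000),
}


class Transaction:
    """One SMTP mail transaction that accepts at most one recipient."""

    def __init__(self):
        self.rcpt = None

    def rcpt_to(self, address):
        if address not in QUOTA:
            return "550 5.1.1 no such user"
        used, limit = QUOTA[address]
        if used >= limit:
            # Already over quota: knowable before DATA, so defer right here.
            return "452 4.2.2 mailbox full"
        if self.rcpt is not None:
            # Second and subsequent recipients: the sender retries them
            # in a transaction of their own.
            return "452 4.5.3 one recipient per transaction, try again"
        self.rcpt = address
        return "250 2.1.5 ok"

    def end_of_data(self, size):
        # This reply covers every accepted recipient, which is exactly one.
        if self.rcpt is None:
            return "554 5.5.1 no valid recipients"
        used, limit = QUOTA[self.rcpt]
        if used + size > limit:
            return "452 4.2.2 message would exceed mailbox quota"
        return "250 2.0.0 queued"


def attempt(recipients, size):
    """Simulate one delivery attempt; return (per-RCPT replies, final reply)."""
    txn = Transaction()
    replies = {r: txn.rcpt_to(r) for r in recipients}
    return replies, txn.end_of_data(size)
```

Because every refusal happens inside the SMTP dialogue, the receiving side never generates a DSN of its own; the cost is one transmission of the body per recipient.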
Re: casper@snigelpost.org bounces?
Posted by Charles Gregory <cg...@hwcn.org>.
On Thu, 25 Jun 2009, Arvid Picciani wrote:
> I started blocking some backscattering hosts and would like to inform
> them how to fix the issue.
I still welcome suggestions for handling the few remaining cases where my
procmail chokes on a mailbox limit. Probably more of a PM question than an
SA question, but seeing how the cause for concern is backscatter from
'full mailbox' DSN's I'm figuring the answer is here, if anywhere....
- C
Re: casper@snigelpost.org bounces?
Posted by Arvid Picciani <ae...@exys.org>.
John Hardin wrote:
> Is anybody else getting bounces on mail they send to the list from
> casper@snigelpost.org?
>
Yep. I wish backscatter.org had a reporting and educating form. I.e.
automatically inform the postmaster of that system of the listing,
including educational material on how to fix it.
Btw, someone got a webpage that has information for the most common MTAs?
I started blocking some backscattering hosts and would like to inform
them how to fix the issue.
Re: casper@snigelpost.org bounces?
Posted by Charles Gregory <cg...@hwcn.org>.
On Thu, 25 Jun 2009, Benny Pedersen wrote:
> On Thu, June 25, 2009 19:34, John Hardin wrote:
>> Sure, but that doesn't help anybody else that posts to the list.
> it will if admins at remote read their logs, but yes we can only wait now
If they do, they don't act very quickly. I've been rejecting these at my
SMTP gate since they first appeared.
- C
Re: casper@snigelpost.org bounces?
Posted by Benny Pedersen <me...@junc.org>.
On Thu, June 25, 2009 19:34, John Hardin wrote:
> Sure, but that doesn't help anybody else that posts to the list.
it will if admins at remote read their logs, but yes we can only wait now
--
xpoint
Re: casper@snigelpost.org bounces?
Posted by John Hardin <jh...@impsec.org>.
On Thu, 25 Jun 2009, Benny Pedersen wrote:
>
> On Thu, June 25, 2009 19:09, John Hardin wrote:
>> Is anybody else getting bounces on mail they send to the list from
>> casper@snigelpost.org?
>>
>> If so, can we get him unsubscribed?
>
> here I have seen 25 of these bouncers, I have added his sender IP into
> postfwd client_address until it's resolved, I believe you can make a body
> rule in milter.regex? :)
Sure, but that doesn't help anybody else that posts to the list.
Re: casper@snigelpost.org bounces?
Posted by Benny Pedersen <me...@junc.org>.
On Thu, June 25, 2009 19:09, John Hardin wrote:
> Is anybody else getting bounces on mail they send to the list from
> casper@snigelpost.org?
>
> If so, can we get him unsubscribed?
here I have seen 25 of these bouncers, I have added his sender IP into
postfwd client_address until it's resolved, I believe you can make a body
rule in milter.regex? :)
--
xpoint
Re: casper@snigelpost.org bounces? [RESOLVED]
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
> > FYI, they took care of this issue. Quite speedy. :)
>
> so now they are using postfix?, fixing valid recipient maps is dangerous :)
What are you talking about, Benny? The ASF admins have removed the
offending address from the list's subscribers.
Anyway, this horse is now dead. Please stop beating it.
guenther
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: casper@snigelpost.org bounces? [RESOLVED]
Posted by Benny Pedersen <me...@junc.org>.
On Thu, June 25, 2009 19:48, Karsten Bräckelmann wrote:
> On Thu, 2009-06-25 at 19:32 +0200, Karsten Bräckelmann wrote:
>> Taking care of that, already poked the almighty admins.
> FYI, they took care of this issue. Quite speedy. :)
so now they are using postfix?, fixing valid recipient maps is dangerous :)
--
xpoint
Re: casper@snigelpost.org bounces? [RESOLVED]
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Thu, 2009-06-25 at 19:32 +0200, Karsten Bräckelmann wrote:
> Taking care of that, already poked the almighty admins.
FYI, they took care of this issue. Quite speedy. :)
Re: casper@snigelpost.org bounces?
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Thu, 2009-06-25 at 10:09 -0700, John Hardin wrote:
> Is anybody else getting bounces on mail they send to the list from
> casper@snigelpost.org?
Taking care of that, already poked the almighty admins.