On Wed May 13, 2009 at 15:53:34 +0200, Ernesto wrote:

> breaking the RFC by guessing how a spam issuing address might look is
> not good.

Indeed, which is why I wondered how other people solve this specific problem.

> Better is to reject a spam mail directly during connection phase,
> because once your mail server has accepted the mail, you _must_ deliver
> it to the user anyway (with special tags i.e.), because of data
> protection laws!

(This particular case is for my own domains - the only user is myself.)

I appreciate that I must make the decision to reject during the SMTP phase.

My specific problem is that unsolicited/faked bounce messages are essentially a different category of mail. It is not sufficient to pipe the mails through spambayes, spamassassin, crm114, etc. They do a reasonable job of recognising these messages but none are perfect.

Given that in qpsmtpd we have easy access to the envelope sender we can reliably identify bounces - it mostly becomes a policy decision on what to do with them.

So far I've been accepting them but storing them in a throwaway account via tagging + procmail. (/home/automated/bounces/{new cur tmp}). But when there are 2000 plus messages arrived overnight from a spam run you didn't send it is galling to have accepted them.

Still it seems that the standard wisdom is that I either accept all bounces, or have a list of addresses which send mail, or I implement some kind of outgoing signatures which I can validate upon the receipt of a bounce.

None of those solutions are terribly great, but if that is the best I can do then so be it.

> Most of the spam is issued by robots working on hijacked Windoze-PCs and
> is sent without using standard mail protocols - re-trying delivery
> i.e.. So greylisting is doing a good job, but binds many resources
> (database processing, disk space etc.)

Greylisting seems less effective these days, but given that most of the bounces come from spam victims running real mailservers, rather than zombie machines, I suspect it would just delay the inevitable.

> Please have a look at my spam statistics **):

I think I win on sheer numbers, rejecting just over 8.5 million spam messages in the past 30 days.

Steve
--
Debian GNU/Linux System Administration
http://www.debian-administration.org/
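
The third option mentioned in the message above (sign the envelope sender of outgoing mail, then validate the recipient address when a bounce arrives) can be sketched as follows. This is an added example, not code from the thread or from qpsmtpd; it is a simplified scheme in the style of BATV, and the tag format, key, lifetime and function names are all assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed value; use a random secret in practice
LIFETIME_DAYS = 7                 # assumption: genuine bounces arrive within a week


def _mac(day: int, local: str, domain: str) -> str:
    """Truncated HMAC over the expiry day and the original address."""
    msg = f"{day}:{local.lower()}@{domain.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:10]


def sign_sender(address: str, today: int) -> str:
    """Outgoing mail: user@dom -> sig=EXPIRY=MAC=user@dom (today = days since epoch)."""
    local, domain = address.rsplit("@", 1)
    expiry = today + LIFETIME_DAYS
    return f"sig={expiry}={_mac(expiry, local, domain)}={local}@{domain}"


def check_rcpt(mail_from: str, rcpt_to: str, today: int):
    """RCPT-time policy decision. Returns (verdict, detail)."""
    if mail_from not in ("", "<>"):
        # Only mail with a null envelope sender (a bounce) is subject to the check.
        return ("accept", "not a bounce")
    local, _, domain = rcpt_to.rpartition("@")
    parts = local.split("=", 3)
    if (len(parts) != 4 or parts[0] != "sig"
            or not (parts[1].isascii() and parts[1].isdigit())):
        return ("reject", "bounce to an address we never signed")
    expiry, mac, orig_local = int(parts[1]), parts[2], parts[3]
    expected = _mac(expiry, orig_local, domain)
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return ("reject", "bad signature")
    if today > expiry:
        return ("reject", "signature expired")
    return ("accept", f"{orig_local}@{domain}")
```

Because the verdict is available before DATA, a forged bounce is refused during the SMTP conversation rather than accepted and filed away.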