On Wed May 13, 2009 at 15:53:34 +0200, Ernesto wrote:
> breaking the RFC by guessing how a spam issueing address might look is
> not good.
Indeed, which is why I wondered how other people solve this
specific problem.
> Better is to reject a spam mail directly during connection phase,
> because once your mail server has accepted the mail, you _must_ deliver
> it to the user anyway (with special tags i.e.), because of data
> protection laws!
(This particular case is for my own domains - the only user is myself.)
I appreciate that I must make the decision to reject during
the SMTP phase. My specific problem is that unsolicited/faked
bounce messages are essentially a different category of mail.
It is not sufficient to pipe the mails through spambayes,
spamassassin, crm114, etc. They do a reasonable job of recognising
these messages but none are perfect. Given that in qpsmtpd we
have easy access to the envelope sender we can reliable identify
bounces - it mostly becomes a policy decision on what to do with
them.
So far I've been accepting them but storing them in a throwaway
account via tagging + procmail. (/home/automated/bounces/{new cur
tmp}). But when there are 2000 plus messages arrived overnight
from a spam run you didn't sent it is galling to have accepted them.
Still it seems that the standard wisdom is that I either accept
all bounces, or have a list of addresses which send mail,
or I implement some kind of outgoing signatures which I can
validate upon the receipt of a bounce.
None of those solutions are terribly great, but if that
is the best I can do then so be it.
> Most of the spam is issued by robots working on hijacked Windoze-PCs and
> is sent without using standard mail protocolls - re-trying delivery
> i.e.. So greylisting is doing a good job, but binds many resources
> (database processing, disk space etc.)
Greylisting seems less effective these days, but given that most of
the bounces come from spam victims running real mailservers, rather
than zombie machines, I suspect it would just delay the inevitable.
> Please have a look at my spam statistics **):
I think I win on sheer numbers, rejecting just over 8.5 million
spam messages in the past 30 days..
Steve
--
Debian GNU/Linux System Administration
http://www.debian-administration.org/
