Re: [spamdyke-users] Backscatter Spam Question
I think this question is about outgoing backscatter. Is there a way to deny/drop all incoming backscatter?

I guess the questions are:
1. Do MTAs consistently indicate in the headers that this is a bounce
2. does spamdyke have a rule to decide based on this?

Often a random user in my company will get upwards of 2000 mailer daemon messages in one day.

I understand that this would mean 2 things, one is that I will lose out on real bounces. The other (if I deny it) is that I am possibly just pushing the backscatter problem upstream and making it worse for somebody else.

I don't mind having to change the spamdyke source.

Bruce - you could completely disable bounces from qmail (another sledgehammer approach).

- Venkat

-----Original Message-----
From: Sam Clippinger [EMAIL PROTECTED]
Sent: Friday, April 18, 2008 15:51:38
Subject: Re: [spamdyke-users] Backscatter Spam Question

You're not alone in wanting this feature -- recipient validation is at the top of my TODO list for spamdyke's version-after-next. I'm trying my best to get the next version (4.0.0) tested and documented so I can release it, hopefully this month. Once that's done, I'll be tackling recipient validation.

Checking an LDAP directory is probably not going to be possible in my first attempt, however.

--
Sam Clippinger

Bruce Schreiber wrote:
> I am receiving complaints about backscatter spam from my mail service. I would like to add a filter to block mail addressed to users that are not in my LDAP directory and drop them before Qmail starts its process. I do not seem to see any filters in the configuration that fit what I want.
>
> Does anyone have any suggestions?
>
> Thank you,
> Bruce

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Backscatter Spam Question
On Mon, Apr 28, 2008 at 11:44:43PM -0700, Venks Izod wrote:

> I think this question is about outgoing backscatter. Is there a way to deny/drop all incoming backscatter?

Not really, if you want to stay RFC compliant.

> 1. Do MTAs consistently indicate in the headers that this is a bounce

They should all use MAIL FROM:<>. I'm not sure they all do.

> 2. does spamdyke have a rule to decide based on this?

I don't think you should unconditionally drop all incoming bounces. It violates the RFCs IIRC, and is also harmful to your own users, because they may never realize some of their mail wasn't delivered. Also, you'll be causing double bounces for everyone who tries to deliver bounces to you, whether backscatter or not.

> Often a random user in my company will get upwards of 2000 mailer daemon messages in one day.

Maybe some MUA-level filtering would help, based on message content...?

What you could and should additionally do, imo, is to complain to the operator of the server sending the backscatter, and to their provider. If enough people bug them about it, they may eventually do something.

Andras

--
Andras Korn korn at chardonnay.math.bme.hu
http://chardonnay.math.bme.hu/~korn/
QOTD: Don't go to work - there's a lot to do.
Re: [spamdyke-users] Backscatter Spam Question
Identifying incoming backscatter is difficult at best. There is no standard way bounce messages are formatted -- it depends on the mail server software and version (and language). Most are delivered from an empty sender address (spamdyke logs it as (unknown)) but some aren't (I've seen bounces from postmaster@, MAILER-DAEMON@ and more).

spamdyke doesn't currently have a way to block messages from null senders but it wouldn't be hard to add. It would just be a very small extension to the sender blacklist feature. Whether you _should_ block those messages is up to you.

--
Sam Clippinger

Venks Izod wrote:
> I think this question is about outgoing backscatter. Is there a way to deny/drop all incoming backscatter?
>
> I guess the questions are:
> 1. Do MTAs consistently indicate in the headers that this is a bounce
> 2. does spamdyke have a rule to decide based on this?
>
> Often a random user in my company will get upwards of 2000 mailer daemon messages in one day.
>
> I understand that this would mean 2 things, one is that I will lose out on real bounces. The other (if I deny it) is that I am possibly just pushing the backscatter problem upstream and making it worse for somebody else.
>
> I don't mind having to change the spamdyke source.
>
> Bruce - you could completely disable bounces from qmail (another sledgehammer approach).
>
> - Venkat
>
> -----Original Message-----
> From: Sam Clippinger [EMAIL PROTECTED]
> Sent: Friday, April 18, 2008 15:51:38
> Subject: Re: [spamdyke-users] Backscatter Spam Question
>
> You're not alone in wanting this feature -- recipient validation is at the top of my TODO list for spamdyke's version-after-next. I'm trying my best to get the next version (4.0.0) tested and documented so I can release it, hopefully this month. Once that's done, I'll be tackling recipient validation.
>
> Checking an LDAP directory is probably not going to be possible in my first attempt, however.
>
> --
> Sam Clippinger
>
> Bruce Schreiber wrote:
> > I am receiving complaints about backscatter spam from my mail service. I would like to add a filter to block mail addressed to users that are not in my LDAP directory and drop them before Qmail starts its process. I do not seem to see any filters in the configuration that fit what I want.
> >
> > Does anyone have any suggestions?
> >
> > Thank you,
> > Bruce
Re: [spamdyke-users] Backscatter Spam Question
Maybe doing it in a kind of Greylist fashion might work... Where, instead of denying the first one, you allow the first one, then block subsequent NDRs from the same IP? That would allow legit bounces through, as well as the bogus backscatter, but it will limit the backscatter to 1 copy. Maybe have a shorter TTL on the backscatter greylist files...(or, of course, make it configurable :-) )

Michael J. Colvin
NorCal Internet Services
www.norcalisp.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sam Clippinger
Sent: Tuesday, April 29, 2008 9:04 PM
To: spamdyke users
Subject: Re: [spamdyke-users] Backscatter Spam Question

Identifying incoming backscatter is difficult at best. There is no standard way bounce messages are formatted -- it depends on the mail server software and version (and language). Most are delivered from an empty sender address (spamdyke logs it as (unknown)) but some aren't (I've seen bounces from postmaster@, MAILER-DAEMON@ and more).

spamdyke doesn't currently have a way to block messages from null senders but it wouldn't be hard to add. It would just be a very small extension to the sender blacklist feature. Whether you _should_ block those messages is up to you.

--
Sam Clippinger

Venks Izod wrote:
> I think this question is about outgoing backscatter. Is there a way to deny/drop all incoming backscatter?
>
> I guess the questions are:
> 1. Do MTAs consistently indicate in the headers that this is a bounce
> 2. does spamdyke have a rule to decide based on this?
>
> Often a random user in my company will get upwards of 2000 mailer daemon messages in one day.
>
> I understand that this would mean 2 things, one is that I will lose out on real bounces. The other (if I deny it) is that I am possibly just pushing the backscatter problem upstream and making it worse for somebody else.
>
> I don't mind having to change the spamdyke source.
>
> Bruce - you could completely disable bounces from qmail (another sledgehammer approach).
>
> - Venkat
>
> -----Original Message-----
> From: Sam Clippinger [EMAIL PROTECTED]
> Sent: Friday, April 18, 2008 15:51:38
> Subject: Re: [spamdyke-users] Backscatter Spam Question
>
> You're not alone in wanting this feature -- recipient validation is at the top of my TODO list for spamdyke's version-after-next. I'm trying my best to get the next version (4.0.0) tested and documented so I can release it, hopefully this month. Once that's done, I'll be tackling recipient validation.
>
> Checking an LDAP directory is probably not going to be possible in my first attempt, however.
>
> --
> Sam Clippinger
>
> Bruce Schreiber wrote:
> > I am receiving complaints about backscatter spam from my mail service. I would like to add a filter to block mail addressed to users that are not in my LDAP directory and drop them before Qmail starts its process. I do not seem to see any filters in the configuration that fit what I want.
> >
> > Does anyone have any suggestions?
> >
> > Thank you,
> > Bruce
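The greylist-style idea in the message above, combined with the bounce senders Sam Clippinger lists (empty sender, postmaster@, MAILER-DAEMON@), as an added example that is not part of any post in the thread and is not spamdyke code: the first bounce from an IP is accepted and repeats are rejected until a TTL expires. The function and class names, the one-hour TTL and the sample events are constructed for illustration.

```python
import time

# Local parts the thread reports seeing on bounces besides the empty sender.
BOUNCE_LOCALPARTS = {"mailer-daemon", "postmaster"}

def is_bounce_sender(mail_from):
    """True if the SMTP envelope sender looks like a bounce (NDR)."""
    addr = mail_from.strip().strip("<>").lower()
    if addr == "":                      # null sender, MAIL FROM:<>
        return True
    return addr.rsplit("@", 1)[0] in BOUNCE_LOCALPARTS

class BounceLimiter:
    """Accept the first bounce from an IP, reject repeats until the TTL ends."""
    def __init__(self, ttl_seconds=3600, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock
        self.seen = {}                  # ip -> time its bounce was accepted

    def check(self, ip, mail_from):
        if not is_bounce_sender(mail_from):
            return "accept"             # ordinary mail is not rate limited
        now = self.clock()
        # Drop expired entries so the table cannot grow without bound.
        self.seen = {k: t for k, t in self.seen.items() if now - t < self.ttl}
        if ip in self.seen:
            return "reject"             # repeat inside the window
        self.seen[ip] = now             # rejected repeats do not extend it
        return "accept"

# Constructed events: (seconds, client IP, envelope sender).
SAMPLE_EVENTS = [
    (0, "192.0.2.10", "<>"),
    (30, "192.0.2.10", "<>"),
    (40, "192.0.2.10", "<alice@example.org>"),
    (50, "198.51.100.7", "<MAILER-DAEMON@example.net>"),
    (60, "198.51.100.7", "<postmaster@example.net>"),
    (4000, "192.0.2.10", "<>"),
]

def replay(events, ttl_seconds=3600):
    """Run the events through a limiter using their own timestamps."""
    now = [0]
    limiter = BounceLimiter(ttl_seconds, clock=lambda: now[0])
    decisions = []
    for ts, ip, sender in events:
        now[0] = ts
        decisions.append(limiter.check(ip, sender))
    return decisions
```

Keying on the IP alone also limits a legitimate server that has several genuine bounces to deliver within the TTL, so the TTL decides how many real bounces are lost.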
[spamdyke-users] Backscatter Spam Question
I am receiving complaints about backscatter spam from my mail service. I would like to add a filter to block mail addressed to users that are not in my LDAP directory and drop them before Qmail starts its process. I do not seem to see any filters in the configuration that fit what I want.

Does anyone have any suggestions?

Thank you,
Bruce
Re: [spamdyke-users] Backscatter Spam Question
You're not alone in wanting this feature -- recipient validation is at the top of my TODO list for spamdyke's version-after-next. I'm trying my best to get the next version (4.0.0) tested and documented so I can release it, hopefully this month. Once that's done, I'll be tackling recipient validation.

Checking an LDAP directory is probably not going to be possible in my first attempt, however.

--
Sam Clippinger

Bruce Schreiber wrote:
> I am receiving complaints about backscatter spam from my mail service. I would like to add a filter to block mail addressed to users that are not in my LDAP directory and drop them before Qmail starts its process. I do not seem to see any filters in the configuration that fit what I want.
>
> Does anyone have any suggestions?
>
> Thank you,
> Bruce
Re: [spamdyke-users] Backscatter Spam Question
On Fri, Apr 18, 2008 at 04:45:58PM -0400, Bruce Schreiber wrote:

> I am receiving complaints about backscatter spam from my mail service. I would like to add a filter to block mail addressed to users that are not in my LDAP directory and drop them before Qmail starts its process. I do not seem to see any filters in the configuration that fit what I want.
>
> Does anyone have any suggestions?

You could patch qmail with a patch that provides badrcptto or similar, and periodically generate a list of valid users from your LDAP directory.

Andras

--
Andras Korn korn at chardonnay.math.bme.hu
http://chardonnay.math.bme.hu/~korn/
QOTD: Eagles may soar but weasels aren't sucked into jet engines.
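One way to do the periodic list generation suggested above, as an added example that is not from the thread, qmail or spamdyke: it turns an LDIF export of the directory into a recipient list and refuses to publish an empty or sharply smaller list, so a failed export cannot make the server reject every recipient. The `mail` attribute, the one-address-per-line output, the function names and the sample LDIF are assumptions; use the file format your qmail patch expects.

```python
import base64
import os
import tempfile

def ldif_mail_values(ldif_text, attrs=("mail",)):
    """Return sorted, lowercased, de-duplicated addresses from an LDIF export."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:   # RFC 2849 folded line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    wanted = {a.lower() for a in attrs}
    found = set()
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep or name.lower() not in wanted:
            continue
        if value.startswith(":"):           # "mail:: ..." is base64-encoded
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        value = value.strip().lower()
        if value.count("@") == 1:           # skip empty or malformed values
            found.add(value)
    return sorted(found)

def publish(addresses, path, previous_count=0, max_shrink=0.5):
    """Atomically replace the list file; refuse empty or sharply smaller lists."""
    if not addresses:
        raise ValueError("empty list: LDAP export probably failed")
    if len(addresses) < previous_count * max_shrink:
        raise ValueError("list shrank too much: keeping the old file")
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(addresses) + "\n")
    os.chmod(tmp, 0o644)                    # assumption: the MTA user must read it
    os.replace(tmp, path)                   # rename is atomic on POSIX
    return len(addresses)

# Constructed LDIF, in the shape a directory export of the mail attribute has.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
mail: Alice@Example.org

dn: uid=bob,ou=people,dc=example,dc=org
mail: bob.with.a.long.address@exam
 ple.org

dn: uid=carol,ou=people,dc=example,dc=org
mail:: Y2Fyb2xAZXhhbXBsZS5vcmc=
"""
```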
Re: [spamdyke-users] Backscatter Spam Question
Sam,

My compliments on an excellent product. As far as the recipient validation goes, the valid user list is not very volatile. I can handle building a link between my LDAP directory, my admin tools, and whatever you use as input to a recipient validation filter.

Bruce

Sam Clippinger wrote:
> You're not alone in wanting this feature -- recipient validation is at the top of my TODO list for spamdyke's version-after-next. I'm trying my best to get the next version (4.0.0) tested and documented so I can release it, hopefully this month. Once that's done, I'll be tackling recipient validation.
>
> Checking an LDAP directory is probably not going to be possible in my first attempt, however.
>
> --
> Sam Clippinger
>
> Bruce Schreiber wrote:
> > I am receiving complaints about backscatter spam from my mail service. I would like to add a filter to block mail addressed to users that are not in my LDAP directory and drop them before Qmail starts its process. I do not seem to see any filters in the configuration that fit what I want.
> >
> > Does anyone have any suggestions?
> >
> > Thank you,
> > Bruce