David, please don't top-post in a thread where others are bottom-posting - it is confusing...
Graziano said: >>> I understand that when the spammer send an email to an invalid user , >>> assp returns an email to the sender. Wrong - ASSP does not *send* *any* email messages, but it does respond with certain SMTP Status Codes during the SMTP session - the one you are discussing is the SMTP REJECT code but this is NOT an email message. It is the responsibility of the *originating MTA* to generate the actual email the original sender ultimately gets. Graziano said: >>> And if the sender does not exist I receive the "Delivery Status >>> Notification (Failure)" email. >>> How to reduce these ? assp can help on this ? Stop accepting mail for invalid recipients. Period. If you have a good reason (and I cannot think of one right now) for not rejecting mail for invalid recipients, then at a minimum you should never, under any circumstances, generate DSN messages. Now, if some spammer somewhere is sending spam with one of your VALID email addresses as a forged sender address, then the backscatter is not your fault, but shouldn't you be able to filter it out by simply rejecting (or maybe black-holing) any/all DSN messages that do not originate with one of your outbound SMTP server(s)? Marrco said: >> We discussed it a little on assp-test. It's called backscatter and it's a >> well know spam problem. Here you can find some suggestions >> http://www.postfix.org/BACKSCATTER_README.html Correct - if you are using postfix, then this is valuable information - but you also have to configure ASSP to reject mail destined for invalid recipients. David said: > If we knew that all outbound email went through ASSP (no relaying) ? ASSP is not an MTA - it *must* relay all outbound mail through an MTA. David said: > then one might be able to compare the recipient on backscatter > messages to the recipient on messages actually sent out, which would > be one way of "verifying" backscatter messages. Unfortunately message > IDs and other things we put in the headers aren't going to come back > to us on the rebound, so those are useless. You are fighting the wrong problem. The problem is apparently that ASSP is not verifying recipients. Fix that first. Then find the best way to simply reject/blackhole any/all DSN messages that are not *generated* by your SMTP server(s) and that should solve the problem. Unless I'm completely missing something... -- Best regards, Charles ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
