--On Sunday, 12 October 2003 00:20 -0700 Chris Petersen
<[EMAIL PROTECTED]> wrote:
>> >> The sending mail server supplies the "return path" using the "MAIL
>> >> FROM" SMTP command, from which this setting is derived.
>> >
>> > So if the point of badfrom is to catch spammers/forgers, wouldn't it
>> > also be relevant (not to mention less confusing) to check the From
>> > field?
>> No, it's too late to reject a mail at this point.
>> You still may use maildrop for this.
>
> ah. Wouldn't From come at the same time as return-path?
Headers come after DATA, just like the whole body.
While it's theoretically possible to reject after DATA, it's practically
useless as the payload has already been delivered and some crappy
mailservers will just resend the same mail over and over - sometimes up
to a few hundred MB per day.
> I've received
> plenty of mail (spam) without a return-path, so it'd be nice to have
> SOME way to match those messages.
If you reject mails with empty RP you also won't get any legit DSNs.
There are of course reasons to reject DSN if a domain gets joejobbed,
but this breaks the (seriously flawed) mail-system completely.
I am using a perl-script specified in etc/maildropfilter to selectively
reject empty sender for joejobbed domains, test any server which uses
an empty sender against nearly every available dnsbl (except XBL...) and
a local list of known clueless spam- and virus-bouncers.
While this set of DNSBL would be impractical for all mail it serves well
for those with an empty sender.
Would be nice if etc/esmtpd had a "BLACKLISTS_BOUNCE" option to specify
additional DNSBL to be used for empty senders.
> And I'd rather not use maildrop - I want the spammers to get a rejection
> from the smtp connection, not some bounced message that might hit an
> innocent forged-addressee.
Don't worry, there are no ways to bounce an empty sender ;)
Seriously, spammers do not care whether you accept the mail or not, they
won't remove the victim from their list ever.
Set up a filter for maildrop which checks whether at least three of the
following conditions are met:
- recipient (your domain) must be listed in To:, no CC/BCC
- From: contains ^(postmaster|mailer-daemon)@
- sender has proper RDNS, does not contain (dsl|cable|dialup|ppp)
- has valid Date: and Message-ID:, which should match RDNS domain
- subject contains (undeliverable|failed|failure|unknown|returned)
- many/most bounces follow a specific format, check the RFC:
  Content-Type: multipart/report; report-type=delivery-status;
- HTML-tags in the first few lines or CN/KR/TW are self-explanatory...
and drop everything else into a 'forged-dsn' folder for weekly review.
Roland
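
The "at least three conditions" check from the message above, sketched in Python as an added example; it is not Roland's Perl script and not part of Courier or maildrop. The function names, the sample message and the `rdns` argument (the sending server's reverse-DNS name, passed in by the caller) are assumptions; the last list item (HTML/country hints) is left out, and the Message-ID comparison looks only at the last two domain labels.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr, parsedate_to_datetime
DYNAMIC = re.compile(r"dsl|cable|dialup|ppp", re.I)
BOUNCE_FROM = re.compile(r"^(postmaster|mailer-daemon)@", re.I)
BOUNCE_SUBJECT = re.compile(r"undeliverable|failed|failure|unknown|returned", re.I)
MSGID = re.compile(r"^<[^@<>\s]+@([^@<>\s]+)>$")

def base_domain(host):
    # Simplification: last two labels only (wrong for suffixes like co.uk).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def dsn_checks(raw, local_domain, rdns):
    """Names of the conditions from the list that this message satisfies."""
    msg = message_from_string(raw)
    passed = []
    to_addrs = [addr.lower() for _, addr in getaddresses(msg.get_all("To", []))]
    if "Cc" not in msg and any(a.endswith("@" + local_domain) for a in to_addrs):
        passed.append("to-only")
    if BOUNCE_FROM.match(parseaddr(msg.get("From", ""))[1]):
        passed.append("bounce-from")
    if rdns and not DYNAMIC.search(rdns):
        passed.append("static-rdns")
    try:
        parsedate_to_datetime(msg.get("Date", ""))  # raises if missing/invalid
        mid = MSGID.match(msg.get("Message-ID", "").strip())
        if mid and rdns and base_domain(mid.group(1)) == base_domain(rdns):
            passed.append("date-msgid")
    except (TypeError, ValueError):
        pass
    if BOUNCE_SUBJECT.search(msg.get("Subject", "")):
        passed.append("bounce-subject")
    if (msg.get_content_type() == "multipart/report"
            and msg.get_param("report-type") == "delivery-status"):
        passed.append("rfc-report")
    return passed

def route(raw, local_domain, rdns, threshold=3):
    hits = len(dsn_checks(raw, local_domain, rdns))
    return "INBOX" if hits >= threshold else "forged-dsn"

# Constructed sample: a well-formed bounce for a hypothetical example.org user.
SAMPLE_DSN = (
    "From: Mail Delivery System <MAILER-DAEMON@mx.example.net>\n"
    "To: alice@example.org\n"
    "Subject: Undeliverable mail returned to sender\n"
    "Date: Sun, 12 Oct 2003 10:00:00 +0200\n"
    "Message-ID: <20031012080000.ABC123@mx.example.net>\n"
    "Content-Type: multipart/report; report-type=delivery-status; boundary=b1\n\n--b1--\n")
```

Only messages that arrived with an empty envelope sender should be passed to `route`; ordinary mail would fail most of these checks by design.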