Jani Ollikainen writes:
Hi,Subject pretty much says it all. How to fight against spammers who have used my users email address / alias for sending email. Then the bounces begin to arrive.. Most of them will come in regular smtp-servers which aren't in any blocklists so no help from blocklists. What can be done to them? The only solution that came to my mind is to temporarily block bounces for email account / alias account when it's receiving spam bounces. It's not a good one, and valid bounces go unnoticed. But i think my users could live with it. Rather than seeing many kilos of bounces from emails that they didn't send.
The most practical solution is to blacklist the sources of the backscatter bounce bombs. In addition to valid local deliveries, the backscatter sources should have plenty of User unknown reject in the mail logs; so it's a simple matter to have a script go through your mail log and compile a list of the bounce sources.
Set up a subdomain zone in one of your domains, and use the script to populate the zone file, then set up Courier to use it as a DNS blacklist.
You'll have to invest some time until your list grows to an effective size. My blacklist runs to a couple of thousand IP addresses, and I barely notice the crap. Of course, you understand that you'll block all mail from the backscatter sources, but from my viewpoint it's not something that I need to worry about. When someone complains I tell them that their mail server is broken, why it's broken, and write me back when they fix it. Shift the burden on them to fix their broken mail server.
For normal user something like this should do the trick?
if (length($FROM) <= 1)
{
log "Dropping Bounce for $DEFAULT"
MAILDIRQUOTA='0'
EXITCODE=0
exit
}
You don't need to set MAILDIRQUOTA. This'll work, but, of course, by this time you've already wasted a lot of resources receiving and dispatching the message. Blacklisting the bounce source will incur far less overhead.
Spam will remain a problem as long as everyone continues to live in a perpetual, paranoid fear of rejecting one non-spam message that's lost in the middle of a massive crapflood.
pgpKKczPZXnaQ.pgp
Description: PGP signature
------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
