Thanks Darin, but these are NDR's that are being generated by my own
system. My postmaster account is well protected from spam and we do
monitor for false positives, in fact I have about 60 or so domains with
abuse, root and postmaster aliases pointed at the same account and I
can't recall the last piece of spam that it got, nor the last false
positive. The only real E-mail it receives is from these NDR's,
auto-replies to NDR's, or personal messages from people telling me that
they never sent me the message, i.e.
"I didn't send a msg to this recipient. Do I have a virus
using my address book?"
Note that I try to send apologies when I get stuff like this, but I'm
not always timely. Thankfully I only see about one of these or less a
week, but I do get close to 300 bounces/NDR's during the same period
and it makes my postmaster account pretty much unusable. I suppose
that I could move it to a different account and kill the messages, but
I'm less concerned about myself than I am about those that are getting
these messages. Before March and the appearance of ZIP-EXE's, the only
bounces/NDR's that this account got were from new undetected viruses
during the first few hours of an outbreak and with Declude's new
vulnerability detection, they should be much less common now.
Matt
Darin Cox wrote:
Hi Matt,
Here's how we handled the issue.
Set postmaster and abuse aliases to forward to a monitor account. The
monitor account has a vacation message set to tell the sender that this
account is not monitored, and to forward to another reporting account.
The reporting account then gets delivered to support personnel.
This way we avoid the spam content that slips through to these common
accounts, and don't get swamped with NDRs from forging viruses.
Obviously this means we have to be more careful about real NDRs, or
other problems, but we monitor our logs to protect against that.
Darin.
----- Original Message -----
Sent: Wednesday, June 02, 2004 12:41 PM
Subject: [Declude.Virus] Bounces to encrypted zips
Yesterday my postmaster account got 32 NDR's from my system and others,
and 1 auto-reply. 31 of these 33 messages were from ZIP-EXE's and
RAR-EXE's. I have no clue as to how many of these bounces are for
ZIP-EXE's that are accepted because my log doesn't provide enough
information for me to tell, but I suspect that the real number is one
to two times more than what's getting bounced back at me, though I
could be way off. The messages that are getting bounced back/NDR'd are
generally to addresses that are parsed incorrectly by the virus, such
as the ones that Netsky rips from Message-ID's.
Here's the worst part of this all...18 of the 33 messages were
received from NDR's to domains belonging to my own customers (or
close approximations thereof), and one was from one of my own
customer's auto-replies. I again have no clue as to how many
actually got delivered, but this is definitely a big problem and it
causes confusion. Yesterday was, if anything, a below-normal day for
NDR's to my postmaster account.
Please, please, please...I need a solution to this. I don't know what
to do apart from possibly creating a program alias that parses
BanNotify.eml bounce and then creates a new bounce message, but this
level of programming is beyond my immediate skill. IMail rules don't
work because of the way these messages are hooked into the system. All
I really want to do is turn bounces for encrypted archives off (both
ZIP's and RAR's). I've been asking for three months now, and I need to
know if this is going to be resolved soon or if I am going to have to
get someone to program this for me. I view this as a very serious
problem and it's bad enough that I already receive 1.5% of my total
traffic from Joe-Job and AV NDR's without contributing to it with my
own system.
Thanks,
Matt
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================