Re: I've just found a new and interesting spam source - legitimate bounce messages

Thu, 16 Oct 2008 10:20:12 -0700 

Jeremy Chadwick <[EMAIL PROTECTED]> escribió:


On Thu, Oct 16, 2008 at 09:01:02AM -0500, [EMAIL PROTECTED] wrote:

In the last hour, I've received over 200 legitimate bounce messages from
email services as a result of someone having used or worse is using my
email address in spam from multiple windows machines and ip addresses.
The end result is that I am getting the bounce messages.  I'm sure that
others on this list have experienced the problem and maybe have a
solution that I don't have.

The messages are allowed through my obspamd/pf and pf smtp bruteforce
blocking rules because they are completely legit.

I guess the work around is to filter them on incoming together with our
local bounce messaages util the spammers get tired of my address.


The term coined for this type of mail is "backscatter".

There is no easy solution for this.  The backscatter article on
postfix.org, for example, caused our mail servers to start rejecting
mail that was generated from PHP scripts and CGIs on our own systems,
which makes no sense.  The article:

http://www.postfix.org/BACKSCATTER_README.html


Thanks for the article, Jeremy.  I hadn't seen it.


If the backscatter is all directed to a single Email address (rather
than a series of addresses, e.g. [EMAIL PROTECTED], and
you have [EMAIL PROTECTED] accepted), then a solution is to reject
mail with an RCPT TO of an account or virtual address that does not
exist on your machine.

This, of course, has a wonderful side effect: spammers now have a way to
detect what Email addresses on your box legitimately accept mail, thus
once they find one which never gets a bounceback, will start pounding
that address to kingdom come.

Let me know if you do find a reliable, decent solution that does not
involve SPF or postfix header_checks or body_checks.


I wish ;)

Thanks again,

ed



--
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"



_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to