On Tue, 25 Sep 2007 12:40:50 +0100, Craig Skinner wrote: >RW wrote: >> >> The others were from bots as far as I could tell but they were not >> being sent by MTAs which had received them. >> > >Yes, but the OPs problem is back scatter, and that does not come from >bots, they don't retry. >
What I was getting looked like backscatter and smelled like backscatter it is just that some of the IPs sending it didn't check out as MTAs. i.e. they were not listed MXs for the domain they came from AND the domain was not likely someone with separate outbound senders. They all retried too and when I had them as TRAPPED entries the logged data included typical failed-to-deliver messages. >If the OP was repeatedly getting mail to a few addresses from different >hosts, he could use grey trapping. But he said that they are all random. My experience entirely. I trapped them by looking for <> as sender, parsing the recipient as invalid (using a postfix lookup) and then inserting the IP into spamdb as TRAPPED. Later I firewalled them out for 24 hours. It cut the log clutter. The scripts are still there but the crontab lines are commented out until needed again. R/ A consultant is someone who's called in when someone has painted himself into a corner. He's expected to levitate his client out of that corner. -The Sayings of Chairman Morrow. 1984.
