Maybe doing it in a kind of "Greylist" fashion might work...  Where, instead
of denying the first one, you allow the first one, then block subsequent
NDRs from the same IP?  That would allow legit bounces through, as well as
the bogus backscatter, but it will limit the backscatter to 1 copy.  Maybe
have a shorter TTL on the backscatter greylist files...(or, of course, make
it configurable  :-)  )
 

Michael J. Colvin
NorCal Internet Services
www.norcalisp.com

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Sam 
> Clippinger
> Sent: Tuesday, April 29, 2008 9:04 PM
> To: spamdyke users
> Subject: Re: [spamdyke-users] Backscatter Spam Question
> 
> Identifying incoming backscatter is difficult at best.  There 
> is no standard way bounce messages are formatted -- it 
> depends on the mail server software and version (and 
> language).  Most are delivered from an empty sender address 
> (spamdyke logs it as "(unknown)") but some aren't (I've seen 
> bounces from "postmaster@", "MAILER-DAEMON@" and more).
> 
> spamdyke doesn't currently have a way to block messages from 
> null senders but it wouldn't be hard to add.  It would just 
> be a very small extension to the sender blacklist feature.  
> Whether you _should_ block those messages is up to you.
> 
> -- Sam Clippinger
> 
> Venks Izod wrote:
> > I think this question is about outgoing backscatter.  Is there a way
> > to deny/drop all incoming backscatter?  I guess the questions are:
> >
> > 1. Do MTAs consistently indicate in the headers that this is a bounce
> >
> > 2. does spamdyke have a rule to decide based on this?
> >
> > Often a random user in my company will get upwards of 2000 mailer
> > daemon messages in one day.
> >
> > I understand that this would mean 2 things, one is that I will lose
> > out on real bounces.  The other (if I deny it) is that I am possibly
> > just pushing the backscatter problem upstream and making it worse for
> > somebody else.
> >
> > I don't mind having to change the spamdyke source.
> >
> > Bruce - you could completely disable bounces from qmail (another
> > sledgehammer approach).
> >
> > - Venkat
> >
> > -----Original Message-----
> > From: Sam Clippinger <[EMAIL PROTECTED]>
> > Sent: Friday, April 18, 2008 15:51:38
> > Subject: Re: [spamdyke-users] Backscatter Spam Question
> >
> > You're not alone in wanting this feature -- recipient validation is at
> > the top of my TODO list for spamdyke's version-after-next.  I'm trying
> > my best to get the next version (4.0.0) tested and documented so I can
> > release it, hopefully this month.  Once that's done, I'll be tackling
> > recipient validation.  Checking an LDAP directory is probably not
> > going to be possible in my first attempt, however.
> >
> > -- Sam Clippinger
> >
> > Bruce Schreiber wrote:
> >
> >> I am receiving complaints about backscatter spam from my mail service.
> >> I would like to add a filter to block mail addressed to users that
> >> are not in my LDAP directory and drop them before Qmail starts its
> >> process.  I do not seem to see any filters in the configuration that
> >> fit what I want.
> >>
> >> Does anyone have any suggestions?
> >>
> >> Thank you,
> >>
> >> Bruce
> >>
> > _______________________________________________
> > spamdyke-users mailing list
> > [email protected]
> > http://www.spamdyke.org/mailman/listinfo/spamdyke-users
> >   
> 
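
The "allow the first NDR, block repeats from the same IP until a TTL expires" idea from the top message, sketched in C as an added example; it is not spamdyke code and not from anyone in this thread. The function names, the in-memory table (standing in for greylist files) and the sample addresses are assumptions; the sender patterns are the ones Sam lists above.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <time.h>

#define NDR_SLOTS 256   /* table size: an assumption for this sketch */
struct ndr_entry { char ip[46]; time_t first_seen; };
static struct ndr_entry ndr_table[NDR_SLOTS];

/* Bounce senders reported in the thread: empty, postmaster@, MAILER-DAEMON@. */
static int looks_like_bounce(const char *sender) {
    if (sender == NULL || sender[0] == '\0' || strcmp(sender, "<>") == 0) return 1;
    return strncasecmp(sender, "postmaster@", 11) == 0 ||
           strncasecmp(sender, "mailer-daemon@", 14) == 0;
}

/* Returns 1 to accept, 0 to reject. The first bounce from an IP is accepted;
   later bounces from that IP are rejected until ttl seconds have elapsed. */
int ndr_greylist_allow(const char *ip, const char *sender, time_t now, time_t ttl) {
    int i, free_slot = -1;
    if (ip == NULL || ip[0] == '\0') return 1;     /* nothing to key on */
    if (!looks_like_bounce(sender)) return 1;      /* ordinary mail is untouched */
    for (i = 0; i < NDR_SLOTS; i++) {
        struct ndr_entry *e = &ndr_table[i];
        if (e->ip[0] != '\0' && now - e->first_seen >= ttl)
            e->ip[0] = '\0';                       /* entry expired: forget the IP */
        if (e->ip[0] == '\0') {
            if (free_slot < 0) free_slot = i;
            continue;
        }
        if (strcmp(e->ip, ip) == 0) return 0;      /* repeat bounce inside the TTL */
    }
    if (free_slot < 0) return 1;                   /* table full: fail open */
    strncpy(ndr_table[free_slot].ip, ip, sizeof ndr_table[free_slot].ip - 1);
    ndr_table[free_slot].ip[sizeof ndr_table[free_slot].ip - 1] = '\0';
    ndr_table[free_slot].first_seen = now;
    return 1;
}

int main(void) {
    /* Constructed sample: three null-sender bounces from one IP, TTL one hour. */
    time_t t;
    for (t = 1000; t <= 1020; t += 10)
        printf("t=%ld %s\n", (long)t,
               ndr_greylist_allow("192.0.2.10", "", t, 3600) ? "accept" : "reject");
    return 0;
}
```

As the thread notes, the one accepted bounce per IP may still be backscatter, and a legitimate second bounce from the same server inside the TTL is rejected.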