After thinking this through more carefully, I think rejecting bounce messages would break mailing list software (actually, anything that rejected bounce messages would break mailing list software). Most mailing list packages rely on processing bounced messages to kick subscribers off of the lists when messages bounce.
Also keep in mind that any solution to block bounce messages doesn't really solve the backscatter problem, it just moves it around. If a remote server can't deliver a bounce message to your server, it will typically deliver the message to its own postmaster rather than simply discarding it. That just means someone else's mailbox gets flooded instead of yours. I think a better solution is probably something like SpamAssassin, which can identify (most) bounce messages and (correctly) scan them for spam. -- Sam Clippinger Michael Colvin wrote: > Maybe doing it in a kind of "Greylist" fasion might work... Where, instead > of denying the first one, you allow the first one, then block subsequent > NDR's from the same IP? That would allow legit bounces through, as well as > the bogus backscatter, but it will limit the backscatter to 1 copy. Maybe > have a shorter TTL on the backscatter greylist files...(or, of course, make > it configurable :-) ) > > > Michael J. Colvin > NorCal Internet Services > www.norcalisp.com > > > > > > > > >> -----Original Message----- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of Sam >> Clippinger >> Sent: Tuesday, April 29, 2008 9:04 PM >> To: spamdyke users >> Subject: Re: [spamdyke-users] Backscatter Spam Question >> >> Identifying incoming backscatter is difficult at best. There >> is no standard way bounce messages are formatted -- it >> depends on the mail server software and version (and >> language). Most are delivered from an empty sender address >> (spamdyke logs it as "(unknown)") but some aren't (I've seen >> bounces from "postmaster@", "MAILER-DAEMON@" and more). >> >> spamdyke doesn't currently have a way to block messages from >> null senders but it wouldn't be hard to add. It would just >> be a very small extension to the sender blacklist feature. >> Whether you _should_ block those messages is up to you. >> >> -- Sam Clippinger >> >> Venks Izod wrote: >> >>> I think this question is about outgoing backscatter. Is >>> >> there a way >> >>> to deny/drop all incoming backscatter? I guess the questions are: >>> >>> 1. Do MTAs consistently indicate in the headers that this >>> >> is a bounce >> >>> 2. does spamdyke have a rule to decide based on this? >>> >>> Often a random user in my company will get upwards of 2000 mailer >>> daemon messages in one day. >>> >>> I understand that this would mean 2 things, one is that I will lose >>> out on real bounces. The other (if I deny it) is that I am >>> >> possibly >> >>> just pushing the backscatter problem upstream and making it >>> >> worse for >> >>> somebody else. >>> >>> I don't mind having to change the spamdyke source. >>> >>> Bruce - you could completely disable bounces from qmail (another >>> sledgehammer approach). >>> >>> - Venkat >>> >>> -----Original Message----- >>> From: Sam Clippinger <[EMAIL PROTECTED]> >>> Sent: Friday, April 18, 2008 15:51:38 >>> Subject: Re: [spamdyke-users] Backscatter Spam Question >>> >>> You're not alone in wanting this feature -- recipient >>> >> validation is at >> >>> the top of my TODO list for spamdyke's version-after-next. >>> >> I'm trying >> >>> my best to get the next version (4.0.0) tested and >>> >> documented so I can >> >>> release it, hopefully this month. Once that's done, I'll >>> >> be tackling >> >>> recipient validation. Checking an LDAP directory is probably not >>> going to be possible in my first attempt, however. >>> >>> -- Sam Clippinger >>> >>> Bruce Schreiber wrote: >>> >>> >>>> I am receiving complaints about backscatter spam from my >>>> >> mail service. >> >>>> I would like to add a filter to block mail addressed to users that >>>> are not in my LDAP directory and drop them before Qmail starts its >>>> process. I do not seem to see any filters in the >>>> >> configuration that >> >>>> fit what I want. >>>> >>>> Does anyone have any suggestions? >>>> >>>> Thank you, >>>> >>>> Bruce >>>> >>>> >>>> >>> _______________________________________________ >>> spamdyke-users mailing list >>> [email protected] >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>> >>> >> _______________________________________________ >> spamdyke-users mailing list >> [email protected] >> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >> >> > > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
