On Thu, 2008-03-27 at 10:04 -0400, Michael Scheidell wrote: > > From: ram <[EMAIL PROTECTED]> > > Date: Thu, 27 Mar 2008 15:36:04 +0530 > > To: spamassassin-users <users@spamassassin.apache.org> > > Subject: Spam abuse report plugin > > > > I get a lot of spam on my servers which get detected by SA though are > > generated by innocent mail servers. > > > > We see a lot of mail users have insanely simple passwords , spammers are > > using these accounts and send spam. By the time the administrator > > realizes the server has sent 1000's of spam > So you would spam the abuse@ account '-) > > > > > If spamassassin had an option to send abuse report to servers > > automatically and send mails to abuse@<server-admin> the moment the > > first sure spam comes in the admin could be warned before much damage > > has been done. Obviously we limit to only 1 or 2 reports in an hour to a > > particular id > > Best is to set up something to use 'spamassassin -r' (report) feature. > Set up a SpamCop account, put that information in local.cf. > SpamCop will scan the emails for uri's add them to uri blacklists, add the > server to spamcop blacklists, track down the responsible isp, and pre-format > a complain email. > Ok. Will definitely try this Thanks. Does this work with the free spamcop report id too
> If you have DCC and RAZOR, it will also submit the information to those > databases. > > NOTE: YOU DO NOT WANT TO AUTOMATICALLY SEND REPORTS AS THIS _WILL_ SPAM > INNOCENT, FORGED DOMAINS ADDING TO THE BACKSCATTER PROBLEMS. > > I personally dont like the traditional spamcop report method of forwarding Spamcop uses a double confirm method, and to confirm all mails is a pain. I will look at how to automate this. I trust spamcop should not mind. This is building spamcops database of spam originating machines I do not see how I will spam the abuse@<domain> or contribute to backscatter, because the report will not be sent to the email-from domain , but to the administrator of the mailserver from where the mail originated ( That could be forged too .. but the percentages are too small to bother about ), I assume these ips will have PTR's and point to proper domains else discard anyway 2 report mails an hour , will not spam an abuse@ account IMHO Thanks Ram
