Date: Thu, 16 Oct 2008 12:18:36 -0500
From: eculp@casasponti.net
To: freebsd-questions@freebsd.org
Subject: Re: I've just found a new and interesting spam source - legitimate bounce messages
Message-ID: <20081016121836.17qwm4xcs6kgwg88w@intranet.casasponti.net>
In-Reply-To: <20081016145255.GA12638@icarus.home.lan>
References: <20081016090102.17qwm4xcs6f4so8ok@intranet.casasponti.net> <20081016145255.GA12638@icarus.home.lan>

Jeremy Chadwick <koitsu@FreeBSD.org> wrote:

> On Thu, Oct 16, 2008 at 09:01:02AM -0500, eculp@casasponti.net wrote:
>> In the last hour, I've received over 200 legitimate bounce messages from
>> email services as a result of someone having used or worse is using my
>> email address in spam from multiple Windows machines and IP addresses.
>> The end result is that I am getting the bounce messages. I'm sure that
>> others on this list have experienced the problem and maybe have a
>> solution that I don't have.
>>
>> The messages are allowed through my obspamd/pf and pf smtp bruteforce
>> blocking rules because they are completely legit.
>>
>> I guess the work around is to filter them on incoming together with our
>> local bounce messages until the spammers get tired of my address.
>
> The term coined for this type of mail is "backscatter".
>
> There is no easy solution for this. The backscatter article on
> postfix.org, for example, caused our mail servers to start rejecting
> mail that was generated from PHP scripts and CGIs on our own systems,
> which makes no sense. The article:
>
> http://www.postfix.org/BACKSCATTER_README.html

Thanks for the article, Jeremy. I hadn't seen it.

> If the backscatter is all directed to a single Email address (rather
> than a series of addresses, e.g. sdfkjhsfjkksjdf@yourdomain.com, and
> you have *@yourdomain.com accepted), then a solution is to reject
> mail with an RCPT TO of an account or virtual address that does not
> exist on your machine.
>
> This, of course, has a wonderful side effect: spammers now have a way to
> detect what Email addresses on your box legitimately accept mail, thus
> once they find one which never gets a bounceback, will start pounding
> that address to kingdom come.
>
> Let me know if you do find a reliable, decent solution that does not
> involve SPF or postfix header_checks or body_checks.

I wish ;)

Thanks again,

ed

>
> --
> | Jeremy Chadwick                                jdc at parodius.com |
> | Parodius Networking                       http://www.parodius.com/ |
> | UNIX Systems Administrator                  Mountain View, CA, USA |
> | Making life hard for others since 1977.              PGP: 4BD6C0CB |
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>