Date: Thu, 5 Jan 2017 09:06:48 -0600 (CST) From: "Valeri Galtsev" <galtsev@kicp.uchicago.edu> To: "Matthias Fechner" <idefix@fechner.net> Cc: freebsd-questions@freebsd.org Subject: Re: Filtering Email Message-ID: <46452.128.135.52.6.1483628808.squirrel@cosmo.uchicago.edu> In-Reply-To: <99370884-b547-c3c7-7b2b-711cedcedf27@fechner.net> References: <2E557AFF-35A1-4D08-8FA9-10C65BF4ABDE@lafn.org> <9bd488a3-ca45-a546-3706-3b032386f954@FreeBSD.org> <99370884-b547-c3c7-7b2b-711cedcedf27@fechner.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, January 5, 2017 2:58 am, Matthias Fechner wrote: > Am 05.01.2017 um 09:12 schrieb Matthew Seaman: >> There's a potential problem with rejecting email from your local server -- backscatter. If your upstream MTA has accepted a message for delivery and then your local MTA later decides to bounce it, there is no >> choice other than to send the bounce to the sender address in the mail headers, and spammers nowadays forge that address, so you end up resending the spam to some (possibly innocent) third party. It's better >> to just /dev/null the messages in such circumstances. > > hm, this is really dangerous, you could kill by this action real email without notify the sender. > I would recommend that the sender set a SPF record to control which server is allowed to use their domain. > This would mitigate this problem and forge of email headers is not possible anymore. I agree both with both Matthew and Matthias. It is bad to drop messages your server accepted - you may have to answer one day where is message with messageID "this". And it is really nasty to make upstream server a source of backscatter, so their admins will be same nasty to you in return. One of examples (many may be surprised) is gmail: they accept the message addressed to [somebody, whatever is here]@gmail.com no matter whether accounts exists or not, and if not, they come back to you with nondelivery notification. This sets me off as on my server if I have to forward message, then before accepting it I check downstream if it is deliverable on destination server, if not I'm just not accepting the message. But gmail how they operate potentially can make my server a source of backscatter (yes, I had an incident!), so I don't forward to gmail. Back to the subject. The best approach to deal with spam messages we found for ourselves is: label them as spam, and deliver them into separate mailbox of recipient. We avoid using Junk mailbox, as this is often used by client software (Thunderbird, Apple Mail, etc.), using mailbox with different name simplifies distinguishing what detected message as spam: your server or client software. Analyzing messages: look at spamassassin, or amavisd (the last uses spamassassin, and can harness much more). Mail is rather big department of system administration, and dealing with spam has significant share in it. Be ready to spend some time, and re-visit it every so often. I hope, this helps. Valeri PS I'm not certain gmail still behaves the way it did in the past - as I described it. It did this weird thing in the past. That time someone joked: they try to collect all information that comes their way (for whatever profit), that's an explanation. I'm reluctant to re-visit my attitude to bad things of this world that I had to deal with ;-) > > > Gruß > Matthias > > -- > > "Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to produce bigger and better idiots. So far, the universe is winning." -- Rich Cook > > > ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46452.128.135.52.6.1483628808.squirrel>