I've just found a new and interesting spam source - legitimate bounce messages
eculp at casasponti.net
Thu Oct 16 10:19:14 PDT 2008
Jeremy Chadwick <koitsu at FreeBSD.org> wrote:
> On Thu, Oct 16, 2008 at 09:01:02AM -0500, eculp at casasponti.net wrote:
>> In the last hour, I've received over 200 legitimate bounce messages from
>> email services as a result of someone having used or worse is using my
>> email address in spam from multiple windows machines and ip addresses.
>> The end result is that I am getting the bounce messages. I'm sure that
>> others on this list have experienced the problem and maybe have a
>> solution that I don't have.
>>
>> The messages are allowed through my obspamd/pf and pf smtp bruteforce
>> blocking rules because they are completely legit.
>>
>> I guess the work around is to filter them on incoming together with our
>> local bounce messages until the spammers get tired of my address.
>
> The term coined for this type of mail is "backscatter".
>
> There is no easy solution for this. The backscatter article on
> postfix.org, for example, caused our mail servers to start rejecting
> mail that was generated from PHP scripts and CGIs on our own systems,
> which makes no sense. The article:
>
> http://www.postfix.org/BACKSCATTER_README.html
Thanks for the article, Jeremy. I hadn't seen it.
> If the backscatter is all directed to a single Email address (rather
> than a series of addresses, e.g. sdfkjhsfjkksjdf at yourdomain.com, and
> you have *@yourdomain.com accepted), then a solution is to reject
> mail with an RCPT TO of an account or virtual address that does not
> exist on your machine.
>
> This, of course, has a wonderful side effect: spammers now have a way to
> detect what Email addresses on your box legitimately accept mail, thus
> once they find one which never gets a bounceback, will start pounding
> that address to kingdom come.
>
> Let me know if you do find a reliable, decent solution that does not
> involve SPF or postfix header_checks or body_checks.
I wish ;)
Thanks again,
ed
>
> --
> | Jeremy Chadwick jdc at parodius.com |
> | Parodius Networking http://www.parodius.com/ |
> | UNIX Systems Administrator Mountain View, CA, USA |
> | Making life hard for others since 1977. PGP: 4BD6C0CB |