Re: [Exim] Tarpit SPAM trap

Author: Nigel Metheringham
Date:  
To: I. Forbes
CC: debian-isp, exim-users, abuse
Subject: Re: [Exim] Tarpit SPAM trap
[I am somewhat concerned about the size of the cc list - in that it
covers several lists - but for now have let it stand since this is more
than just an exim issue]


iforbes@??? said:
> We send copies of this spam to abuse@??? on a daily basis. The
> only response I have ever had from AOL is from an autoresponder.
> Sometimes we send copies to the relay machine admins, usually
> "abuse@<domain>" bounces and sometimes "postmaster@<domain>" bounces
> too. I have never had a response from any of them.


This is culpable idiocy. Just because AOL are big does not mean they
can trample on everyone else in the world. However I guess the problem
of launching legal action against a US entity from ZA would make legal
a difficult option. Are these messages coming direct from AOL modem
space, or through their mail systems - if the latter I would think
there is sufficient evidence to get their mail systems on the
Vixie RBL which tends to make even giants think twice.

There needs to be social/legal action taken here since it is not a
technical problem.


However technical workarounds are:-

  - refuse at SMTP level all messages to the forged spam sender address;
    this can be done within a vanilla exim, or I guess you would need to
    hack qmail's receiver [I don't really know qmail well enough to
    comment]


However you will still get piles of messages to abuse@/postmaster@ that
domain from the slightly more clued - and there isn't a good way of
handling that other than maybe an autoreply (make sure it works right
or you will live to regret it).

The Teergrube solution is *not* in any way a solution to your problem -
don't even consider it. Remember that the machines sending you these
bounces and complaints are probably innocent of any proper
involvement in this spam run. There are also likely to be thousands of
them, so when you say...

> This will cause the spamming host to go down, as any operating
> system has a limit on open sockets.


the system it will take down is *your* system.

Also DOSing the relays is likely to bring you into problems of legality.

Remember if you have another machine (or even just an IP) on your
external internet AS then you could put up exim on that box as an
emergency measure and point the domain being hit at that system - at
least then you can refuse a pile of the stuff quicker than you can
reconfigure your complete mail system. This specialist handler would
reject the crud and pass the rest on to your standard MTA config.

    Nigel.
-- 
[ - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham                  Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000                         Fax +44 1423 858866 ]
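The two workarounds above (refuse mail to the forged sender address at SMTP time, and put a separate Exim box in front of the real MTA that rejects the bounces and relays everything else) as an added configuration example; this is not from the post and uses Exim 4 ACL syntax, which post-dates it. The domain example.com, the forged address victim@example.com and the host mta.internal.example.com are assumed placeholders.

```exim
# Front-end "specialist handler" host: rejects mail to the forged spam
# sender address at RCPT time and relays the rest to the real MTA.
# Placeholders (assumed, not from the post): example.com, victim@example.com,
# mta.internal.example.com.

domainlist relay_to_domains = example.com

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Refuse before DATA: the bounce or complaint body is never accepted,
  # so this host never generates a further bounce of its own.
  deny    recipients  = victim@example.com
          message     = This address did not originate the message you are replying to
          log_message = rejected mail to forged spam sender address

  # Everything else for the domain being hit is accepted and passed on.
  accept  domains     = +relay_to_domains

  # Refuse to relay for anything else.
  deny    message     = relay not permitted

begin routers

# Hand all accepted mail for the domain to the standard MTA unchanged.
to_real_mta:
  driver     = manualroute
  domains    = +relay_to_domains
  route_list = * mta.internal.example.com
  transport  = remote_smtp

begin transports

remote_smtp:
  driver = smtp
```

Point the MX for the domain under attack at this host; the reject happens at RCPT time, so the full message is never read and the host spends almost nothing per connection.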