Re: [exim] Newbie spam bounce retries question (without disc…

Author: Nigel Metheringham
Date:  
To: Sean Hoggard
CC: exim-users
Subject: Re: [exim] Newbie spam bounce retries question (without disclaimer)
On Tue, 2004-09-14 at 13:56 +0100, Sean Hoggard wrote:
> I'm running exim 4.3, with spamassassin, amavis and clam, the problem
> I have is that about 90% of my messages are bounce messages generated
> from spam, I've read that I should perhaps turn off the generation of
> bounce messages, but I'm afraid I must have them, our spam filter is
> zealous so there are quite a few false positives.


So you are accepting incoming mail, scanning it, and sending out bounces
for messages you want to reject.

This is seriously silly now - it might have seemed sensible a few years
back, but now it makes your system a form of spam distribution system
and a bloody irritating nuisance to everyone else. And it's a nuisance
for you as you are now finding.

You need to move your scanning stage earlier to message reception and
reject during the SMTP transaction rather than later. Then you can just
give the sending server a reject status code rather than having (to pay)
to freight the message out again, plus you don't have to deal with all
the problems of forged message sender addresses.

This applies even more in the case of virus detection messages. I now
treat those as grounds to send abuse complaints to the user's ISP - I
don't care that someone is virus infected because I can absolutely
guarantee it's not been sent by me.

For further info on backscatter spamming (concentrating on viruses) see
http://www.attrition.org/security/rant/av-spammers.html
http://www.f-prot.com/news/gen_news/040130_open_letter.html

You can do SMTP time scanning using exiscan. If you really insist on
sending out reject messages please can you tune them so that Tim
Jackson's (another member of this list) excellent filter to detect and
destroy such warnings needs to know about your reject messages. Check
they are caught by this filter and if not let Tim have samples so the
rest of us can ignore them...

    Nigel.


-- 
[ Nigel Metheringham           Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
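
An added illustration of the SMTP-time rejection described in the message above (not part of the original post and not the Exim distribution's own configuration): a minimal DATA ACL using the exiscan-acl `malware` and `spam` conditions. The clamd socket path, the spamd address and the 12.0-point threshold are assumptions to adapt to the local setup.

```exim
# --- main configuration section ---
# Scanner endpoints (assumed values; adjust to the local installation).
av_scanner    = clamd:/var/run/clamav/clamd.sock
spamd_address = 127.0.0.1 783

# Run this ACL after the message body has been received,
# while the SMTP connection is still open.
acl_smtp_data = acl_check_data

begin acl

acl_check_data:

  # Refuse infected mail with a 5xx reply. No bounce is generated
  # locally, so nothing is sent to a forged envelope sender.
  deny  message   = This message contains malware ($malware_name)
        malware   = *

  # "nobody:true" makes the spam condition always succeed so that
  # the decision rests on the score test below.
  # $spam_score_int is the SpamAssassin score multiplied by ten,
  # so 120 means 12.0 points (assumed threshold).
  deny  message   = Rejected as spam (score $spam_score)
        spam      = nobody:true
        condition = ${if >{$spam_score_int}{120}{1}{0}}

  accept
```

Because the refusal is a 5xx reply at DATA time, the connecting server is the one that reports the failure to its own user, so a false positive from a legitimate sender still produces a notification without this host generating a bounce.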