Re: [exim] Backscatter Spam Again. HELP PLEASE!

Author: Grant Peel
Date:  
To: ??? Bill Hacker, exim users
Subject: Re: [exim] Backscatter Spam Again. HELP PLEASE!
Hi all,

Interesting replies.

I *think* that a few of you *might* have misread, or misunderstood my
problem:

My servers are being seen as the SOURCE of the spam. That is to say, my
servers are being bombarded with messages that have a non-existent user,
then, my server bounces the mail to many recipients.

I must admit, that I am surprised that none of you *seem* to have had to deal
with this exact same issue...or am I missing something? I hope it does not
mean that my configuration is so bad ...

I have since tried adding a line to my config that I would like you all to
consider (let me know if you think badness could result). It is contained
within my acl:

deny    senders = :
          condition     = ${if ! eq{$recipients_count}{1}{1}}
          message       = Bounces must have only a single recipient
          log_message   = Another denied due to backscatter-Single Recipient



Here is my current acl:

######################################################################
#                       ACL CONFIGURATION                            #
#         Specifies access control lists for incoming SMTP mail      #
######################################################################
begin acl
acl_check_rcpt:
  accept  hosts = :
          dnslists = ips.backscatterer.org
          message = This message looks like a bounce, and your server is listed at \
          ips.backscatterer.org, so I assume that this is "backscatter". \
          Please configure your mail server to not send "backscatter spam". \
          For advice, try http://www.dontbouncespam.org/
          log_message = ATTENTION BACKSCATTERER
  deny    local_parts   = ^.*[@%!/|] : ^\\.
  deny    senders = :
          condition     = ${if ! eq{$recipients_count}{1}{1}}
          message       = Bounces must have only a single recipient
          log_message   = Another denied due to backscatter-Single Recipient
  accept  local_parts   = postmaster
          domains       = +local_domains
  require verify        = sender
  deny    message       = rejected because $sender_host_address was \
                          found in our blacklist
          log_message   = domain found in $blacklisted_domains
          hosts         = +blacklisted_domains
  accept  domains       = +local_domains
          endpass
          message       = unknown user
          verify        = recipient
  accept  domains       = +relay_to_domains
          endpass
          message       = unrouteable address
          verify        = recipient
  accept  hosts         = +relay_from_hosts
  accept  authenticated = *



######################################################################
#                      ROUTERS CONFIGURATION                         #
#               Specifies how addresses are handled                  #
######################################################################



----- Original Message -----
From: "??? Bill Hacker" <askbill@???>
To: "exim users" <exim-users@???>
Sent: Wednesday, March 05, 2008 5:19 PM
Subject: Re: [exim] Backscatter Spam Again. HELP PLEASE!


> Matt wrote:
>>>> on the receiving side server supporting SPF but it's pretty widespread so
>>>> should have a very positive impact on your problem if
>>>> you aren't already using it. The other good thing is it's technically very
>>> I am not too sure. I have noticed about 800 or so spf hits in a year's
>>> time on a count of 100000+ filtered spam. It seems very ineffective (<
>>> 1%). Besides didn't it break traditional forwarding?
>>
>> If you use it hopefully it's less likely your messages will be marked
>> as SPAM. I doubt DKIM is any better at blocking SPAM. They both do
>> basically the same thing which is insure only authorized senders are
>> allowed to send messages for a given domain.
>>
>> Matt
>>
>
> 'insure'?
>
> Or just add yet-another layer of complexity?
>
> 'There was an old lady who swallowed a fly...'
>
> We keep looking for a buzz-phrase 'magic bullet' add-on when the most
> important tools have been in the original smtp RFC's for decades.
>
> Fixed-IP, proper DNS with correct MX and PTR RR, HELO with a FQDN that
> matches the records for the IP connecting, proper protocol handshakes &
> sequencing, correct envelope/header/message/attachment format and
> mime-type encoding...
>
> ... combine to do a better job, cheaper, and faster.
>
> Bill
>
> --
> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>
>
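
The single-recipient bounce rule from the message above, as an added example that is not part of the original post: it shows how the two recipient counters behave in the RCPT and DATA ACLs and two ways to write the check so that a one-recipient bounce is still accepted. The ACL name acl_check_data and its wiring through acl_smtp_data are assumptions; use one variant, not both.

```exim
# Constructed ACL fragment for illustration; not a complete configuration.
# Counter semantics per the Exim specification:
#   $rcpt_count        RCPT commands received so far for this message;
#                      inside the RCPT ACL it includes the current command.
#   $recipients_count  recipients accepted so far; inside the RCPT ACL the
#                      address being checked has not been counted yet.

acl_check_rcpt:

  # Rule as posted. On the first RCPT of a bounce $recipients_count is 0,
  # so "! eq{0}{1}" holds and the rule denies: single-recipient bounces
  # and sender-verification callouts (null sender, one RCPT) are refused too.
  #
  # deny    senders       = :
  #         condition     = ${if ! eq{$recipients_count}{1}{1}}

  # Variant A: decide at RCPT time. The first RCPT (count 1) passes;
  # the second and later RCPT commands of a null-sender message are refused.
  deny    senders       = :
          condition     = ${if >{$rcpt_count}{1}}
          message       = Bounces must have only a single recipient
          log_message   = Another denied due to backscatter-Single Recipient

  # ... remaining RCPT rules unchanged ...

# Assumption: the main section contains "acl_smtp_data = acl_check_data".
acl_check_data:

  # Variant B: decide after DATA, when $recipients_count is final.
  # Rejects the whole message if more than one recipient was accepted.
  deny    senders       = :
          condition     = ${if >{$recipients_count}{1}}
          message       = Bounces must have only a single recipient

  accept
```

A fake SMTP session started with `exim -bh 192.0.2.1` (a documentation address) lets you enter MAIL FROM:<> followed by successive RCPT commands and see which ACL statement fires, without delivering anything.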