Re: [exim] Backscatter Spam Again. HELP PLEASE!

Author: Grant Peel
Date:  
To: Craig Jackson, exim-users
Subject: Re: [exim] Backscatter Spam Again. HELP PLEASE!
Hi Craig,

One thing I have noticed that has taken care of 90% of the problem is adding
the line that a sender can only have one email address, otherwise it is
rejected right away.

deny    senders       = :
        condition     = ${if ! eq{$recipients_count}{1}{1}}
        message       = Bounces must have only a single recipient
        log_message   = Another denied due to backscatter-Single Recipient


-Grant

----- Original Message -----
From: "Craig Jackson" <CJackson@???>
To: "Grant Peel" <gpeel@???>; "exim users" <exim-users@???>
Sent: Thursday, March 06, 2008 10:25 AM
Subject: Re: [exim] Backscatter Spam Again. HELP PLEASE!


>
>
>> -----Original Message-----
>> From: exim-users-bounces@???
>> [mailto:exim-users-bounces@exim.org] On Behalf Of Grant Peel
>> Sent: Thursday, March 06, 2008 7:49 AM
>> To: ??? Bill Hacker; exim users
>> Subject: Re: [exim] Backscatter Spam Again. HELP PLEASE!
>>
>> Hi all,
>>
>> Interesting replies.
>>
>> I *think* that a few of you *might* have misread, or misunderstood my
>> problem:
>>
>> My servers are being seen as the SOURCE of the spam. That is
>> to say, my
>> servers are being bombarded with messages that have a non
>> existent user,
>> then, my server bounces the mail to many recipients.
>>
>> I must admit, that I am surprised that none of you *seem* to
>> have had to deal
>> with this exact same issue...or am I missing something? I
>> hope it does not
>> mean that my configuration is so bad ...
>>
>
> Why don't you perform several useful checks of the email before checking
> for a valid recipient. That's what I do. Checking valid recipient is the
> last thing I do in the rcpt acl. For instance...
>
> 1) If the sending domain is a popular domain such as Yahoo, the IP
> address is checked against the CIDR blocks that I know Yahoo sends from.
> If the IP doesn't match, the email is tagged as spam and made to wait a
> short length of time.
>
> 2) The IP address is checked against a list of naughty CIDR address
> blocks, and tagged as spam and made to wait a bit of time weighted based
> as to how naughty that network is.
>
> 3) Then there are the spamhaus/spamcop checks.
>
> Etc.
>
> The idea here is to make spamming as painful as possible for the spammer
> before the message is finally rejected due to invalid recipient. Maybe
> I'm off base here.
>
> These basic checks along with the ones WBHacker suggests -- before the
> recipient check -- will probably solve your problem. Unfortunately, I
> don't know how to do what you actually ask, which is turn off bounces in
> favor of a flat out rejection. I would not do that anyway because
> bounces are a good thing.
>
> Craig
>
> --
> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>
>
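An added example, not taken from any message in this thread: one way the two suggestions above can sit together in an Exim configuration, with the cheap host checks first, recipient verification last in the RCPT ACL, and the single-recipient bounce rule in the DATA ACL. The CIDR blocks, delay values, the acl_m_tag variable and the choice of DNS list zones are assumptions made for illustration; the clauses that accept relaying for authenticated or trusted hosts are left out.

```exim
# --- main configuration section ---
domainlist local_domains = @
# Constructed sample ranges (documentation address space), not real offenders
hostlist   naughty_nets  = 192.0.2.0/24 : 198.51.100.0/24

acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data

begin acl

acl_check_rcpt:
  # Cheap checks first: tag and slow down hosts on the local block list
  warn    hosts         = +naughty_nets
          set acl_m_tag = spam
          delay         = 15s

  # DNS list lookups (zones chosen for this example)
  warn    dnslists      = zen.spamhaus.org : bl.spamcop.net
          set acl_m_tag = spam
          delay         = 15s

  # No relaying in this fragment: only local domains get past this point
  deny    message       = relay not permitted
          !domains      = +local_domains

  # Recipient check last. An unknown user is refused during the SMTP
  # session, so this server never has to generate a bounce for it.
  require message       = Unknown user
          verify        = recipient

  accept

acl_check_data:
  # The single-recipient rule for null-sender mail, placed in the DATA ACL.
  # During the RCPT ACL, $recipients_count only counts recipients accepted
  # so far (0 for the first RCPT), so the comparison with 1 is only
  # meaningful once all RCPT commands have been processed.
  deny    senders       = :
          condition     = ${if ! eq{$recipients_count}{1}{1}}
          message       = Bounces must have only a single recipient
          log_message   = Another denied due to backscatter-Single Recipient

  accept
```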