Re: [exim] Backscatter

Author: Ted Cooper
Date:  
To: exim-users
Subject: Re: [exim] Backscatter
On 05/06/10 14:44, W B Hacker wrote:
> I'm no fan of Marc's ways of 'tasting' or playing with spam to
> inflate stats instead of simply blocking it - but he is by no means
> alone in raising the bar to unwanted sender callouts.


He's the only one causing me issues. Everyone else just rejects the
message and gets on with life. He's also not checking for spam - just
assuming everything is spam. I'll occasionally have a complaint from
someone unable to send to someone they could email last week, but
they're easy enough to handle locally.

> Curious as to which ISP would have paid any attention to his
> 'service' in the first place?


It's People Telecom in Australia for this particular client. I'm working
very hard on getting them to drop the feedback loop in question and am
considering talking to the postmaster of the recipient domain to get
them to switch to a different filtering provider.

> Local rules will either block or 'sanitize' (as above) the same folks
> they list *when misbehaving* ELSE NOT, hide fewer 'false positives'.
> All w/o need of calling a Remote BL or being concerned if it is
> available, responding rapidly, or accurate.


The main reason I added ips.backscatterer.org to my bounce checking is
because of several joe job spam runs.

Each of the hosts sending the bounce messages was passing every rDNS,
HELO, and DNSBL. They were mostly Eastern Bloc servers which accepted
all emails to any address and then bounced them. The bounce messages did
not always include the content but instead just the rejection message so
content filters couldn't even pick them up. The spam runs were always
done overnight for my timezone so I could not act on them until it was
all over.

Even after the runs, none of these servers were listed on any major or
minor list, except backscatterer. As a result, I now use it in "safe" mode
on servers and it has worked amazingly well. It has stopped a number of
bounce attacks and callout attacks since. The ONLY headache I've had
with it has been the stupid blacklisting and notifications.

From your post, I believe that your experience with bounce messages
greatly differs to mine. Everyone seems to get their own flavour of spam
and attacks which makes having a catchall view on a particular method
quite difficult.

--
The Exim Manual
http://docs.exim.org/
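
The "safe" mode use of ips.backscatterer.org described in the message above, sketched as an Exim ACL fragment. This is an added example, not configuration from the post or from the Exim project. It assumes that "safe" mode means consulting the list only for null-sender mail (bounces and sender callouts) and that the fragment sits in the ACL named by acl_smtp_rcpt.

```exim
# Fragment for the ACL named by acl_smtp_rcpt (placement is an assumption).

# Unrestricted use, shown for contrast and left commented out: every listed
# host is refused outright, including its ordinary mail from real senders.
# deny    dnslists    = ips.backscatterer.org

# "Safe" mode: the list is consulted only when the envelope sender is empty
# (MAIL FROM:<>), which is how bounces and sender callouts arrive.
# Conditions are tested in order, so mail with a real sender never triggers
# the DNS lookup and is unaffected if the list is slow or unreachable.
deny    senders     = :
        dnslists    = ips.backscatterer.org
        message     = Bounce or callout refused: $sender_host_address is listed at $dnslist_domain
        log_message = null-sender mail from $sender_host_address listed at $dnslist_domain ($dnslist_value)
```

The `log_message` line gives each refusal its own log entry, which makes it possible to review after the fact which hosts were turned away during an overnight run.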