procmail
[Top] [All Lists]

Dealing with current backscatter spam

2008-10-14 08:38:38
Hello *,

since some days I am hit by several 10.000 backscatters  (MAILER-DAEMON,
postmaser, noreply).

I like to know how you are dealing with it.

Since I am on GSM/Dialup, I am currently not more able to read my  email
I use here to post...

I am thinking to send this crap back to the origination server with:

----[ STDIN ]-----------------------------------------------------------
    :0c
    * ^To:.*(linux4michelle|michelle\.konzack|ml4michelle)@(tamay-dogan.ne
    * ^From:.*(MAILER-DAEMON|postmaster|noreply)
    * ! ^From:.*pinguin-hosting\.de
    * ! ^From:.*tamay-dogan\.net
    * ! ^X-Loop:.*backscatter killer
    {
      :0fw
      | tdbackscatter-pgsql --register

      :0
      * ^X-TDBackscatter-pgsql: HIT=true
      {
        VAR0=`formail -czx To:`
        VAR1=`formail -I Return-Path: -I Sender: -r -t -czx To: |sed 's|.*@|@|'`
        VAR2=`date --rfc-822 `
        VAR3=`cat`

        :0fw
        | (formail -I "Return-Path:" -r -t \
                   -a "Message-ID:" \
                   -I "Return-Path: <>" \
                   -I "From: ${VAR1}" \
                   -I "To: abuse${VAR2}, postmaster${VAR2}" \
                   -I "Date: ${VAR3}" \
                   -I "User-Agent: tdtools-procmail v 2.0.0" \
                   -I "Mime-Version: 1.0" \
                   -I "Content-Type: text/plain; charset=us-ascii" \
                   -I "Content-Disposition: inline" \
                   -A "X-Loop: backscatter killer" ; \
        echo "Hello backscatter sender." ; \
        echo "" ; \
        echo "You get this message since you have send me more then 5 of them." 
; \
        echo "" ; \
        echo "Because I have no customers, friends or such in your domain, 
your" ; \
        echo "Mailserver is definitively broken since it does respond to 
Fake-Headers." ; \
        echo "Do not spam me again with this shit..." ; \
        echo "" ; \
        echo "Otherwise you must calculate with a DoS on your Mailsystem." ; \
        echo "" ; \
        echo "#########################  Original Message Follows  
#########################
        echo "${VAR4}" |sed 's|^|> |g')

        :0c
        |sendmail -t
      }
      :0
      .ATTENTION.FLT_backscatter/
    }
------------------------------------------------------------------------

Good, this is currently working and it bombed out over  23.000  messages
today but I have over 35.000 waiting from the last weekend...

Any better ways to stop them sending out backscatters?

Thanks, Greetings and nice Day/Evening
    Michelle Konzack
    Systemadministrator
    24V Electronic Engineer
    Tamay Dogan Network
    Debian GNU/Linux Consultant


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack   Apt. 917                  ICQ #328449886
+49/177/9351947    50, rue de Soultz         MSN LinuxMichi
+33/6/61925193     67100 Strasbourg/France   IRC #Debian (irc.icq.com)

____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail

<Prev in Thread] Current Thread [Next in Thread>