If your receiving server is under your control, I would look into
putting up some restrictions, and maybe using dnsbls/rbls.
SpamAssassin can probably also help filter out the backscatter.
Sending it back definitely isn't going to do anything (except maybe
get your domain/ips blacklisted). Just as you are getting backscatter
for mail you don't send; the servers sending it to you are sending it
because a spammer is taking advantage of them too (though admittedly,
if they configured their servers better, you probably wouldn't get
backscatter from them).
On 13 Oct 2008, at 19:08, Michelle Konzack wrote:
Hello *,
since some days I am hit by several 10.000 backscatters (MAILER-
DAEMON,
postmaser, noreply).
I like to know how you are dealing with it.
Since I am on GSM/Dialup, I am currently not more able to read my
email
I use here to post...
I am thinking to send this crap back to the origination server with:
----
[ STDIN ]-----------------------------------------------------------
:0c
* ^To:.*(linux4michelle|michelle\.konzack|ml4michelle)@(tamay-
dogan.ne
* ^From:.*(MAILER-DAEMON|postmaster|noreply)
* ! ^From:.*pinguin-hosting\.de
* ! ^From:.*tamay-dogan\.net
* ! ^X-Loop:.*backscatter killer
{
:0fw
| tdbackscatter-pgsql --register
:0
* ^X-TDBackscatter-pgsql: HIT=true
{
VAR0=`formail -czx To:`
VAR1=`formail -I Return-Path: -I Sender: -r -t -czx To: |sed
's|.*@|@|'`
VAR2=`date --rfc-822 `
VAR3=`cat`
:0fw
| (formail -I "Return-Path:" -r -t \
-a "Message-ID:" \
-I "Return-Path: <>" \
-I "From: ${VAR1}" \
-I "To: abuse${VAR2}, postmaster${VAR2}" \
-I "Date: ${VAR3}" \
-I "User-Agent: tdtools-procmail v 2.0.0" \
-I "Mime-Version: 1.0" \
-I "Content-Type: text/plain; charset=us-ascii" \
-I "Content-Disposition: inline" \
-A "X-Loop: backscatter killer" ; \
echo "Hello backscatter sender." ; \
echo "" ; \
echo "You get this message since you have send me more then 5
of them." ; \
echo "" ; \
echo "Because I have no customers, friends or such in your
domain, your" ; \
echo "Mailserver is definitively broken since it does respond
to Fake-Headers." ; \
echo "Do not spam me again with this shit..." ; \
echo "" ; \
echo "Otherwise you must calculate with a DoS on your
Mailsystem." ; \
echo "" ; \
echo "######################### Original Message Follows
#########################
echo "${VAR4}" |sed 's|^|> |g')
:0c
|sendmail -t
}
:0
.ATTENTION.FLT_backscatter/
}
------------------------------------------------------------------------
Good, this is currently working and it bombed out over 23.000
messages
today but I have over 35.000 waiting from the last weekend...
Any better ways to stop them sending out backscatters?
Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
24V Electronic Engineer
Tamay Dogan Network
Debian GNU/Linux Consultant
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant
#####################
Michelle Konzack Apt. 917 ICQ #328449886
+49/177/9351947 50, rue de Soultz MSN LinuxMichi
+33/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail