Am 2008-10-17 10:21:43, schrieb Professional Software Engineering:
(big, bad internet)
(mailserver)
(GSM)
(workstation + procmail)
Unfortunately this!
The only thing I can do is to code some perl/php stuff and put it in my
FTP/Web space which is on the same server, install a cronjob and kill
this crap but maybe my Hostingprovider can install procmail for me and I
can download the messages from the IMAP into my FTP/Web space filter it
there and then pack it up into compressed packages of 100 message which
then I can download using scp...
Okay, so the GSM problem is solved?
No, I can not get my message anymore or send message which mean, the
delay between "receiving", "answering" and "sending" of messages continu
with a delay of 2-4 days since I can go only all 2-4 days into the
Internet Cafe
Do you honestly think that some admin who can't secure their mailserver is
going to notice that they're getting a bunch of bounces BACK to
them? Really - they apparently didn't notice that they're being used as a
Oh, I have already filles up some "postmaster" accounts... Hmmm, they
have accepted arround 200-400 messages from me but now I get something
like "Mailbox full" ;-)
relay in the first place. And, you'd be generating THAT MUCH MORE TRAFFIC
that you're grumbling you are paying for.
Currently I am running a small Perl application from my CGI directory of
my Web-Server which works more or less...
I kill ANY message which come from "MAILER-DAEMON", "noreply" "root" and
"postmaster" which do not come from <freenet.de>, <*debian.org>,
<server4.pinguin-hosting.de> <rwth-aachen.de> or other domains sending
me possibel "legitim" bounces.
Is this ONE email source address of yours, or are they using random
addresses at your domain? Widespread use of wildcard addressing at domains
No, they are targeting <linux4michelle> in the domains <freenet.de> my
old ISP and now <tamay-dogan.net> my new own domain and VServer.
leads to an enormous spam hit for people, because spammers don't need to
use a legitimate address to get mail to you, and when they forge with a
randomized address, they still manage to bounce someplace.
I was thinking this too, but MY mailserver can accept ANY "localparts"
for ANY subdomains inside <tamay-dogan.net> IF the message COMES from
one serve inside this domain.
So I can send out a message to you using
<pse(_at_)samba3(_dot_)private(_dot_)tamy-dogan(_dot_)net>
which is my intranet server but you will never be able to reach or spam
this domain.
If you're getting bounces for messages you didn't send, perhaps you should
be checking the content for references to From: with your address and no
reference to your legitimate sending servers in the embedded Received:
lines.
The From: lines in the attached messages are always one of my VALID
emails and you know, a search with google on <linux4michelle> which give
you MANY hits...
Consider using a subdomain, such as mail.tamay-dogan.net for your
This domain should normaly exist...
email. REJECT all mail to the base domain, except perhaps abuse and
postmaster (or provide a link to a webpage explaining how to contact those
roles). This will sharply reduce the amount of crap you get, because
spammers tend to use the base domains - they're not bright enough to look
around for required mailhosts.
Do you mean, then using an E-Mail like
<linux4michelle(_at_)mail(_dot_)t-d(_dot_)net>?
But Spamers will spam this mail too or do I misunderstand something?
Then, as you get backscatter, it'll cut off those hosts responsible for the
bulk of it. You could have the perl script generate automatic email
notifications every few days of processing for hosts which have been
listed, delisted, and listed again (meaning it wasn't a one-time hiccup) -
do whois lookups, or standard RFC postmaster or abuse addresses at those
domains.
I did this sort of thing with my Vermicide worm defence mechanism for
Apache. An attempt to compromise my hosts would trigger a script which
would perform whois and netblock lookups, and notify responsible parties,
with cacheing of the attempt so that I wouldn't be tagged as a spammer for
sending the notifications.
This is a nice Idea...
My backscatter spamcount is now arround 98.000 ~ 1.5 GByte of traffic
since Friday 2008-10-10.
If I ventured a guess, it'd be that your massive sigline must have irked
somebody.
Since The last weekend the ammount of same is drastical reduced... Get
arround 1800 per day now..
Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
24V Electronic Engineer
Tamay Dogan Network
Debian GNU/Linux Consultant
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack Apt. 917 ICQ #328449886
+49/177/9351947 50, rue de Soultz MSN LinuxMichi
+33/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail