procmail

Re: Dealing with current backscatter spam

2008-10-27 16:05:34
On 2008-10-17 15:38:19, Neil wrote:
Fifth, again, I want to reiterate: if you're sending back the  
backscatter, you're basically backscattering yourself, just  
intentionally.  This makes you a part of the problem, not the solution.

Currently I send the message back with a notice  "WHY"  to  <abuse>  and
<postmaster> and some of the backscattering domains do not have  <abuse>
or <postmaster> addresses or the mailboxes are full.

My "bounces" get a unique ID and if they backscatter me again with the new
message sent by me I can check their domain manually to get responsible
people (TWO Russian ISPs have answered me very fast by telephone since
I told them that I can not read messages currently because I have gotten
1 GByte of backscatter in my Mailbox...)

Also <rr.com> which has no <abuse> address and you need to contact
<earthlink.net> have contacted me by phone since they had at least 230
spammers or zombies in their net bombing my domain.

My current script is very flexible... if no manually created config file
for one domain exists I send to <abuse> and <postmaster> otherwise to one
or more configured accounts...

And of course, THIS filter stays there up to the moment where my messages
are bounced and I have to update my config

[1]    Is it that backscatter is DoSing your servers (consuming too much
bandwidth)?

It is the load on the server...

<tamay-dogan.net> is currently hosted  @ISP  together  with  some  other
domains not from me.  

My Hoster has already suggested getting my OWN root server but since I
have currently no time maintaining a whole server, I need a managed one
which costs 150€ per month...

Even if I use one of my spare "Zenith Data System" Quad-Xeon I would pay
at least 80 Euro for its hosting but have to maintain it on my own.

[2]    Or is it that you simply can't sort all the mail you're getting  
and you're spending so long deleting the backscatter that you can't  
actually make use of your email?

This too

I am in France and on GSM/GPRS/UMTS...

You can go to the Website <http://www.bouyguestelecom.fr/> and then look
for "Forfaits Internet Mobile"...

    0-50 MB             22,90 €/month \  This price is dynamically
    51-500 MB           34,90 €/month  | adapted each month.
    501-1024 MB         44,90 €/month /  

each MByte more costs 0,10 €.

In Germany with "O2" for example you pay 25 €/month for 5000 MByte
traffic but since I have no Bank account in Germany nor do I live there, I
can not get an "O2" account, even though it works from my apartment in
Strasbourg (distance less than 2 km to Germany)

Even if I run perl scripts from home over IMAP, I have a traffic of more
than 80 MByte per day for around 50000 Spams.  With GSM in France no
chance but with the account in Germany no problem...

Note:  Currently I am looking for someone in Germany who can install
       an O2 "Genion S" account with the "5000 MByte Data" option
       where I would pay using IBAN/BIC.
       So money is no problem but getting the account.

If the problem is option [1], you _must_ implement the solutions I  
offer below at the gateway/MX server.  Now, I don't know your setup,  
but it sounds like you have a provider accepting mail on your behalf,  
which you're then downloading via some device using your GSM card.  If  
this is correct, you have to stop the mail from ever hitting your GSM  
card, or else you will consume bandwidth.

Right

If the problem is option [2], then it would be _preferable_ to  
implement these solutions at the gateway/MX server; but you _may_  
silently discard the mails once it hits the final destination.

I could even move the messages to a blind account where I can tar.bz2 it
and then I can download it if I have nothing to do or I have the time to go
to an Internet Cafe.  My server @home could do final filtering for
false-positives with at least 20000 messages/hour (enough resources on
my used-bought Quad-Xeons)

Now, I understand you really want to fix this problem as soon as  
possible; but in order to do it, and do it well, the truth of the  
matter is that it's not going to be a super quick fix.  There is no  

I know...  :-/

single option in the configuration files to turn on.  You need to  
understand what the document is explaining, and then use that to build  
your own solution after looking at your own server.  You can't simply  
copy and paste parts of the document.

I know this too...

But there are some really nice things described...  ;-)

Now, one additional thing you _can optionally_ do, is use dnsbls to  
reject/discard mail coming from servers which have badly configured  
MTAs or are not following RFCs.  For example, http://www.rfc-ignorant.org/ 
 will help you with the latter.

Ah yes, question:   How can I use this RFC-ignorant stuff?

Is this working like the <zen.spamhaus.org> stuff with the reverse IP?
If yes, which servers must I use for it?

My hoster is using DSPAM but to train the filter, I have to use the
Web-Interface which is only useful if you get occasional spam and are not
being DoS'ed by backscatters

Nonetheless, as the guys here and the doc writers on Postfix have  
shown, it _is_ possible to eliminate, or at least reduce, backscatter  
without wholesale blocking of all mail from certain netblocks.

Right, which is, what I like to avoid...

There are people blocking WHOLE countries like Korea or China but if I
would do this I kick off at least 40-50 Linux-Developers and several 100
legitimate Linux-Users which is definitely not what I want.

I hope you find this helpful and I hope you find respite from your  
backscatter plague soon.

I will try all ideas..

Thanks, Greetings and nice Day/Evening
    Michelle Konzack
    Systemadministrator
    24V Electronic Engineer
    Tamay Dogan Network
    Debian GNU/Linux Consultant


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack   Apt. 917                  ICQ #328449886
+49/177/9351947    50, rue de Soultz         MSN LinuxMichi
+33/6/61925193     67100 Strasbourg/France   IRC #Debian (irc.icq.com)

____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
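
Added example (not part of the original message, and not code from any list operator): how the DNS query name is formed for an IP-keyed blocklist such as zen.spamhaus.org, next to the form a domain-keyed list takes. The zone `rhsbl.example`, the sample addresses and the stub resolver are constructed placeholders; the message does not name the rfc-ignorant.org zones.

```python
import ipaddress
import socket

def ip_query_name(client_ip, zone):
    """IP-keyed list: reversed IPv4 octets (or IPv6 nibbles) prepended to the zone."""
    addr = ipaddress.ip_address(client_ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def domain_query_name(envelope_sender, zone):
    """Domain-keyed list: the sender's domain prepended to the zone."""
    domain = envelope_sender.strip("<> ").rpartition("@")[2].rstrip(".").lower()
    if not domain:
        # Bounces arrive with the null sender <>, so a sender-domain list
        # cannot match them; only the connecting IP is left to check.
        raise ValueError("null sender has no domain to look up")
    return domain + "." + zone

def is_listed(query_name, resolve=socket.gethostbyname):
    """Listed if the name resolves into 127.0.0.0/8; no record means not listed."""
    try:
        answer = ipaddress.ip_address(resolve(query_name))
    except (socket.gaierror, ValueError):
        return False
    return answer in ipaddress.ip_network("127.0.0.0/8")

def stub_resolver(name):
    """Constructed stand-in for DNS so the example runs offline."""
    listed = {"99.2.0.192.zen.spamhaus.org": "127.0.0.2"}  # constructed record
    if name not in listed:
        raise socket.gaierror("NXDOMAIN")
    return listed[name]

if __name__ == "__main__":
    name = ip_query_name("192.0.2.99", "zen.spamhaus.org")
    print(name, is_listed(name, stub_resolver))
    print(domain_query_name("<user@Example.NET>", "rhsbl.example"))
```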