Am 2008-10-17 15:38:19, schrieb Neil:
Fifth, again, I want to reiterate: if you're sending back the
backscatter, you're basically backscattering yourself, just
intentionally. This makes you a part of the problem, not the solution.
Currently I send the message back with a notice "WHY" to <abuse> and
<postmaster> and some of the backscattering domains do not have <abuse>
or <postmaster> addresses or the mailboxes are full.
My "bounces" get a unique ID and if the backscater me again with the new
message send by me I can check there domain manaualy to get responsable
peoples (TWO russin ISPs have very fast answered me per telephone since
I told them that I can not read messages currently because I have gotten
1 GByte of backscatter in my Mailbox...)
Also <rr.com> which has no <abuse> address and you need to contact
<earthlink.net> have contacted my by phone sonce they had at least 230
spamers or zombies in there net bombing my domain.
My current script is very fexible... if no manual created config file
for one domain exist I send to <abuse> and <postmaster> otherwise to one
or more configure accounts...
And of course, THIS filter stays there up to the moment where my mesages
are bounces and I have to update my config
[1] Is it that backscatter is DoSing your servers (consuming too
bandwidth)?
It is the load on the server...
<tamay-dogan.net> is currently hosted @ISP together with some other
domains not from me.
My Hoster has already suggested geting my OWN root server but since I
have currently no time maintaining a whole server, I need a managed one
which cost 150€ per month...
Even if I use one of my spare "Zenith Data System" Quad-Xeon I would pay
at least 80 Euro for its hosting but have to maintain it my own.
[2] Or is it that you simply can't sort all the mail you're getting
and you're spending so long deleting the backscatter that you can't
actually make use of your email?
This too
I am in France and on GSM/GPRS/UMTS...
You can go to the Website <http://www.bouyguestelecom.fr/> and then look
for "Forfaits Internet Mobile"...
0-50 MB 22,90 €/month \ This price is dynamicaly
51-500 MB 34,90 €/month | adapted each month.
501-1024 MB 44,90 €/month /
each MByte more cost 0,10 €.
In germany with "O2" for example you pay 25 €/month for 5000 MByte
traffic but since I have no Bank account in Germany nor I live there, I
can not get an "O2" account, even it works from my appartement in
Strasbourg (distance less then 2km to Germany)
Even if I run perl scripts from home over IMAP, I have a traffic of more
then 80 MByte per day for arround 50000 Spams. With GSM in France no
chance but with the account in Germany no problem...
Note: Currently I am looking for someone in Germany which can install
an O2 "Genion S" account with the "5000 MByte Data" option
where I would pay using IBAN/BIC.
So money is no problem but geting the account.
If the problem is option [1], you _must_ implement the solutions I
offer below at the gateway/MX server. Now, I don't know your setup,
but it sounds like you have a provider accepting mail on your behalf,
which you're then downloading via some device using your GSM card. If
this is correct, you have to stop the mail from ever hitting your GSM
card, or else you will consume bandwidth.
Right
If the problem is option [2], then it would be _preferable_ to
implement these solutions at the gateway/MX server; but you _may_
silently discard the mails once it hits the final destination.
I could even move the messages to a blind account where I can tar.bz2 it
and then I can download it if I have nothing to do or I have the time go
in an Internet Cafe. My server @home could do final filtering for
false-positives with at least 20000 messages/hour (enough resources on
my used-buyed Quad-Xeons)
Now, I understand you really want to fix this problem as soon as
possible; but in order to do it, and do it well, the truth of the
matter is that its not going to be a super quick fix. There is no
I know... :-/
single option in the configuration files to turn on. You need to
understand what the document is explaining, and then use that to build
your own solution after looking at your own server. You can't simply
copy and paste parts of the document.
I know this too...
But there are some realy nice things described... ;-)
Now, one additional thing you _can optionally_ do, is use dnsbls to
reject/discard mail coming from servers which have badly configured
MTAs or are not following RFCs. For example, http://www.rfc-ignorant.org/
will help you with the latter.
Ah yes, question: How can I use this RFC-ignorant stuff?
Is this working like the <zen.spamhaus.org> stuff with the reverse IP?
If yes, which servers I must use for it?
My hoster is using DSPAM but to train the filter, I have to use the
Web-Interface which is only usefull if you get occasionel spam and not
being DoS'ed by backscatters
Nonetheless, as the guys here and the doc writers on Postfix have
shown, it _is_ possible to eliminate, or at least reduce, backscatter
without wholesale blocking of all mail from certain netblocks.
Right, which is, what I like to avoid...
There are peoples, blocking WHOLE countries like Korea or China but if I
would do this I kick of at least 40-50 Linux-Developer and several 100
legitimate Linux-Users which is definitively not waht I want.
I hope you find this helpful and I hope you find respite from your
backscatter plague soon.
I will try all ideas..
Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
24V Electronic Engineer
Tamay Dogan Network
Debian GNU/Linux Consultant
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack Apt. 917 ICQ #328449886
+49/177/9351947 50, rue de Soultz MSN LinuxMichi
+33/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail