use spamcop and bounce with spamcop response help.

Glenn Steen glenn.steen at gmail.com
Wed Nov 29 07:31:41 GMT 2006


On 28/11/06, Scott Silva <ssilva at sgvwater.com> wrote:
> Chuck Rock spake the following on 11/28/2006 8:12 AM:
> > Scott Silva <ssilva <at> sgvwater.com> writes:
> >
> >> Chuck Rock spake the following on 11/27/2006 7:47 AM:
> >>> Scott Silva <ssilva <at> sgvwater.com> writes:
> >>>
> >>>> Chuck Rock spake the following on 11/26/2006 4:41 PM:
> >>>>> I am bouncing messages with MailScanner that match the Spamcop list.
> >>>>>
> >>>>> I see in the latest version I'm using 4.56.8 you can modify message
> >>> headers
> >>>>> with actions.
> >>>>>
> >>>>> Is there a way to modify the message header to the spamcop address is
> >>> listed
> >>>>> with the proper IP like if you just used Sendmail to bounce it?
> >>>>>
> >>>>> This is what Spamcop tells you to di if you run Sendmail.
> >>>>>
> >>>>> FEATURE(`enhdnsbl', `bl.spamcop.net', `"Spam blocked see:
> >>>>> http://spamcop.net/bl.shtml?"$&{client_addr}', `t')dnl
> >>>>>
> >>>>> I was thinking of adding the message header in MailScanner similar to
> > this.
> >>>>> Spam Actions = bounce header "X-Spam-Status:
> >>>>> Yes : 'http://spamcop.net/bl.shtml?'(flagged_IP)
> >>>>>
> >>>>> Is there a syntax in Mailscanner to provide that IP to that header line
> > so
> >>> a
> >>>>> person could get to the spamcop site with their IP address information?
> >>>>>
> >>>>> Thanks,
> >>>>> Chuck
> >>>>>
> >>>> If you want that "feature", and are dropping the message anyway, why not
> > just
> >>>> drop it at the MTA. You will save yourself the load, and get the desired
> >>>> result. You really should never bounce messages after you receive them. If
> >>>> they are dropped during the connection phase, you get the rejection to the
> >>>> proper server, but if you have received it, then all you have is the
> > possibly
> >>>> forged sender address to rely on.
> >>> So basically, if I can have MailScanner skip the spam lists check
> > altogether
> >>> and just put the spamcop config in the proper sendmail config file for my
> >>> inbound sendmail process?
> >>>
> >>> Is there another benefit of having MailScanner check the rbl's instead of
> > or
> >>> in addition to Sendmail?
> >>>
> >>> Thanks,
> >>> Chuck
> >>>
> >>>
> >> The only benefit I know of is if you want to store the bad stuff in
> >> quarantine. The best in order are ;
> >> MTA
> >> Spamassassin
> >> Mailscanner
> >>
> >> If you have no problem dropping every message that hits spamcop, then
> > dropping
> >> at the MTA is the safest and least processor intensive. After that, you have
> >> the message on your server, and bouncing it will make you many enemies, and
> >> maybe get you listed on a blacklist yourself. I am using sbl-xbl and
> >> combined.njabl.org at the mta with no complaints. You should open up your
> >> abuse and postmaster addresses, but spamassassin and mailscanner can catch a
> >> lot of the garbage there.
> >>
> >
> > Thanks everyone for the valuable input. I run a small ISP with a few thousand
> > mailboxes and I'm very very tired of spending so much time and money
> > to "handle" the onslaught of spam. I have too many customers complaining and
> > when my servers have problems, all the business customers complain because
> > they can't do business...
> >
> > I have received messages from Spamcop with enough information for me to find
> > the problem. I would go as far to say that if a sender is listed in the
> > spamcop database, I'm secure enough to assume it's for a good reason and
> > whomever owns that IP, needs to know and do something about it. Bounces are
> > good for me because they at least will let a legitimate sender know that their
> > message didn't reach the destination and the server resources and bandwidth
> > are not used. I guess one other bonus to using MailScanner would be that for
> > certain recipients, I could make it ignore the spamlist test so if people
> > really didn't want to reject messages from senders found in Spamcop, then I
> > could allow that.
> >
> > Thanks again for your time.
> >
> > Chuck
> >
> >
> As was stated before, a bounce is usually not good, but if they get a reject
> at the MTA, that is totally different. A bounce will imply that you recieved
> the message and are returning it. But when you use the blacklists you in
> effect stop the sending server as it starts to "talk" to your receiving server
> and tell it to "stop! I don't want this message!" A bounce will be at the
> mercy of any forgery in the message, but the MTA is in direct communication
> during the transaction, and doesn't need to rely on those forged addresses.

Just to make it real clear: Rejections will also result in a "bounce"
(well... Non Delivery Notice ...) being sent to the sender of
legitimate mail... Only difference is that it is the responsibility of
the sending MTA (!=yours) to generate it. For spam, there might be no
MTA in the other end, so ... :-). If law and policy permitt you to
reject via BLs at the MTA, then for $DEITYs sake, do so.


> And you can also "whitelist" certain addresses at the MTA of you want to
> exempt certain senders or recipients from the MTA blacklists. In sendmail,
> this is fairly easy, so the postfix and exim people can jump in and say that
> it is easy there also.
>
Jump jump:-).
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se


More information about the MailScanner mailing list