watermarking and spam mail loops?

Jeff A. Earickson jaearick at colby.edu
Thu Aug 30 18:38:47 IST 2007


Gang,

I'm trying to understand watermarking from the list archives
(I took a month off the list), and I don't get it.  It looks
like it might be useful for killing spam-caused mail loops
between my front-end sendmail/MailScanner mail-relay and my
backend local-delivery box.  The scene is:

1) spammer with bogus return sends to a nonexistent Colby
    email address.
2) if MailScanner doesn't kill it as spam, it gets relayed
    onto the backend system, who doesn't know the recipient.
3)  the backend system is configured to send all non-local
    email to the front-end box, who sees that it is supposed
    to go to nonexistent Colby address, sent to the back-end,
    return to step 2 until 26 hops have been hit.  Then drop
    in postmaster's lap.

The summary of mail headers is below.  I notice that the 
X-Colby-MailScanner-Watermark is different on every iteration.
Can watermarking be used to kill this mail loop early on?

My MailScanner.conf settings are:

Use Watermarking = yes
Add Watermark = yes
Check Watermarks With No Sender = yes
Treat Invalid Watermarks With No Sender as Spam = spam
Check Watermarks To Skip Spam Checks = yes
Watermark Secret = [deleted here]
Watermark Lifetime = 259200
Watermark Header = X-%org-name%-MailScanner-Watermark:


The mail headers look like:

    ----- Transcript of session follows -----
554 5.4.6 Too many hops 27 (25 max): from <> via backend.colby.edu, to <bogususer at colby.edu>

--l7UHAoe1018830.1188493850/frontend.colby.edu
Content-Type: message/rfc822

Return-Path: <>
Received: from backend.colby.edu (backend.colby.edu [137.146.28.76])
 	by frontend.colby.edu (8.14.1/8.14.1) with ESMTP id l7UHAoe0018830
 	(version=TLSv1/SSLv3 cipher=DES-CBC3-SHA bits=168 verify=OK)
 	for <bogususer at colby.edu>; Thu, 30 Aug 2007 13:10:50 -0400 (EDT)
Received: from frontend.colby.edu (frontend.colby.edu [137.146.28.72])
 	by backend.colby.edu (MOS 3.8.5-GA)
 	with ESMTP id ACM60239;
 	Thu, 30 Aug 2007 13:10:48 -0400 (EDT)
X-Colby-MailScanner-Watermark: 1189098637.87502 at sPv+tFbAY318zuq3UUwcPQ
Received: from backend.colby.edu (backend.colby.edu [137.146.28.76])
 	by frontend.colby.edu (8.14.1/8.14.1) with ESMTP id l7UHAb7E018697
 	for <bogususer at colby.edu>; Thu, 30 Aug 2007 13:10:37 -0400 (EDT)
Received: from frontend.colby.edu (frontend.colby.edu [137.146.28.72])
 	by backend.colby.edu (MOS 3.8.5-GA)
 	with ESMTP id ACM60230;
 	Thu, 30 Aug 2007 13:10:35 -0400 (EDT)
X-Colby-MailScanner-Watermark: 1189098625.26567 at Du4LxSJ4zxMUaTBdsi4teA
[ SNIP ! a bunch of mail headers in here ]
Received: from chdsbs.ColbochHD.local (66.83.153.26.nw.nuvox.net [66.83.153.26])
 	by frontend.colby.edu (8.14.1/8.14.1) with ESMTP id l7UH5v03016243
 	for <bogususer at colby.edu>; Thu, 30 Aug 2007 13:06:06 -0400 (EDT)
From: postmaster at ColbochHD.com
To: bogususer at colby.edu
Date: Thu, 30 Aug 2007 11:55:28 -0500
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
 	boundary="9B095B5ADSN=_01C7EB1128F0C4AC0000B3D8chdsbs.ColbochHD"
X-DSNContext: 335a7efd - 4457 - 00000001 - 80040546
Message-ID: <qOdtCIq1e00006185 at chdsbs.ColbochHD.local>
Subject: {Spam?} Delivery Status Notification (Failure)
X-Greylist: Delayed for 00:15:09 by milter-greylist-4.0b1 (frontend.colby.edu [137.146.28.72]); Thu, 30 Aug 2007 13:06:06 -0400 (EDT)
X-Colby-MailScanner: ftbc, ftbc, ftbc, ftbc, ftbc, ftbc, ftbc, ftbc, ftbc, ftbc, ftbc, ftbc, ftbc
X-Colby-MailScanner-SpamCheck: spam(no null-header or sender address), , , , , , , , , , , , 
X-Spam-Status: Yes, No, No, No, No, No, No, No, No, No, No, No, No
X-Junkmail-IP-Whitelist: YES (by domain ip whitelist at backend.colby.edu)
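
The front-end/back-end ping-pong described in this message can be spotted from the Received: chain long before the hop limit. The following is an added example, not part of the original post and not MailScanner code; the function names, the `max_repeats` threshold and the sample message (modelled on the headers above) are constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string

# Constructed sample modelled on the headers in the post (newest hop first).
SAMPLE = """\
Return-Path: <>
Received: from backend.colby.edu (backend.colby.edu [137.146.28.76])
\tby frontend.colby.edu (8.14.1/8.14.1) with ESMTP id CONSTRUCTED4
Received: from frontend.colby.edu (frontend.colby.edu [137.146.28.72])
\tby backend.colby.edu (MOS 3.8.5-GA) with ESMTP id CONSTRUCTED3
Received: from backend.colby.edu (backend.colby.edu [137.146.28.76])
\tby frontend.colby.edu (8.14.1/8.14.1) with ESMTP id CONSTRUCTED2
Received: from frontend.colby.edu (frontend.colby.edu [137.146.28.72])
\tby backend.colby.edu (MOS 3.8.5-GA) with ESMTP id CONSTRUCTED1
Received: from sender.example (sender.example [192.0.2.10])
\tby frontend.colby.edu (8.14.1/8.14.1) with ESMTP id CONSTRUCTED0
Subject: constructed test message

body
"""

# "from <host> ... by <host>" inside one (possibly folded) Received: value.
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S | re.I)

def relay_hops(raw):
    """Return (from_host, by_host) pairs, oldest hop first."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(value)
        if m:
            hops.append((m.group(1).lower(), m.group(2).lower()))
    return hops[::-1]  # headers are prepended, so reverse to get travel order

def find_loop(raw, max_repeats=1):
    """Return (hop_number, edge) for the first edge seen more than max_repeats times."""
    seen = Counter()
    for n, edge in enumerate(relay_hops(raw), start=1):
        seen[edge] += 1
        if seen[edge] > max_repeats:
            return n, edge
    return None

if __name__ == "__main__":
    print(find_loop(SAMPLE))
```

Received: lines added before the message reached your own relays are under the sender's control, so in practice count only edges between hosts you operate.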

