watermarking and spam mail loops?

Jeff A. Earickson jaearick at colby.edu
Thu Aug 30 20:30:04 IST 2007 

On Thu, 30 Aug 2007, Scott Silva wrote:

> Date: Thu, 30 Aug 2007 12:23:02 -0700
> From: Scott Silva <ssilva at sgvwater.com>
> Reply-To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> To: mailscanner at lists.mailscanner.info
> Subject: Re: watermarking and spam mail loops?
> 
> Jeff A. Earickson spake the following on 8/30/2007 10:38 AM:
>> Gang,
>> 
>> I'm trying to understand watermarking from the list archives
>> (I took a month off the list), and I don't get it.  It looks
>> like it might be useful for killing spam-caused mail loops
>> between my front-end sendmail/MailScanner mail-relay and my
>> backend local-delivery box.  The scene is:
>> 
>> 1) spammer with bogus return sends to a nonexistent Colby
>>    email address.
>> 2) if MailScanner doesn't kill it as spam, it gets relayed
>>    onto the backend system, who doesn't know the recipient.
>> 3)  the backend system is configured to send all non-local
>>    email to the front-end box, who sees that it is supposed
>>    to go to nonexistent Colby address, sent to the back-end,
>>    return to step 2 until 26 hops have been hit.  Then drop
>>    in postmaster's lap.
>> 
>> The summary of mail headers is below.  I notice that the 
>> X-Colby-MailScanner-Watermark is different on every iteration.
>> Can watermarking be used to kill this mail loop early on?
> Snip...
> There is a big minus to using the watermark. If you have users using Outlook 
> or have an exchange server, the read receipts get marked as spam.

We don't run Exchange on the backend and we don't support Outlook as an
email client, so this sounds like a plus to me. :)

>
> Shouldn't you have your frontend box do a recipient verify to the internal 
> box and drop the mail to non-existent users? That way you drop the connection 
> and don't have to worry about bounces.
>
I've installed smf-sav recently, but I really need milter-ahead or
some (free) alternative.  What I would really like the sendmail
front-end to do is simply see if the user is in /etc/passwd, if not
then drop.  My front-end has a complete list of my users there.

Jeff Earickson
Colby College

More information about the MailScanner mailing list