backscatter problem {Scanned by Allteks Mailsafe}
Philip Zeigler
philip at zeiglers.net
Fri Mar 28 17:46:41 GMT 2008
Simon Jones wrote:
>
>
> On 28/03/2008, *Paul Houselander (SME)* <housey at sme-ecom.co.uk
> <mailto:housey at sme-ecom.co.uk>> wrote:
>
> >Hi all, anyone help with some good rules to combat backscatter
> email?
> i seem to have a real problem with this at the moment, mostly bouncing
> back from .ru domains to my customers. i'm sure a ruleset will
> help but
> i'm not certain what would >be best, header checks or something in the
> spam rules?
> >
> >thanks
> >
> >SMJ
>
> >>The solutions depends on your MTA, if you are using sendmail
> check this:
> >>
> >>http://elqui.dcsc.utfsm.cl/util/email/backscatter.html
> >>
> >>And this:
> >>
> >>http://www.spamcop.net/fom-serve/cache/329.html
> >>
> >>If you are using postfix check this:
> >>
> >>http://www.postfix.org/BACKSCATTER_README.html
> >>
> >>If you have another MTA just google "mta+backscatter" and you'll
> find
> >>tons of information.
>
> I think most of the suggestions are to use something like
> milter-ahead to
> reject invalid users, however since the beginning of the week ive been
> seeing more and more backscatter targeted at valid aliases in
> which case
> recipient verification will not make any difference.
>
> I spent a while yesterday looking at the watermark feature of
> mailscanner,
> if your customers send their outbound e-mail via a server you
> control it
> works a treat.
>
> Only problem I can see is it seems to incorrectly flag, read
> receipts and
> some out of office replies (which I think has been discussed quite
> a bit on
> this list) but I personally think it's a small price to pay for a
> clean
> inbox!
>
> An alternative that I was using was I use mimedefang as while as
> mailscanner, I wrote a mimedefang filter to reject all bounces for
> certain
> domains that were being targeted, not really a great ideal as I
> understand
> it breaks certain RFC's but was the only way I could control mail
> flow on my
> servers.
>
> Good Luck
>
> Paul
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> <mailto:mailscanner at lists.mailscanner.info>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
> Thanks Paul,
>
> mmm, that's the problem isn't it - valid addresses! I've seen this
> increase a LOT this week it's nice to know i've not been the only one.
>
> I think milter-ahead is a sendmail app isn't it? I used to use that a
> few years ago before switching to postfix (it's easier to administer!)
> I played around with some of snertsoft's filters back then and they
> seemed to work really well.
>
> I'm sure I can crack this with some sort of rule set, anyways I'll
> keep plugging away but any comments are really appreciated.
>
> --
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean.
I'm also seeing a big backscatter issue on 2 of the domains I
administer. I looked at using the watermarking feature built into
mailscanner. It is all going to a valid user so milter-ahead isn't a
factor. The watermarking is flagging the backscatter as spam but it is
also flagging all generated responses. For example, one internal user
(we scan all email) sent another internal user an email with a .exe
attachment. The mailscanner generated message that says that the email
was rejected due to the bad filename apparently does not have a
watermark or sender address so it gets flagged as spam. Not sure why it
is not getting a watermark.
Philip Zeigler
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list