Undeliverable mails - SpamAssassin


Thread: Undeliverable mails

  1. Re: Undeliverable mails


  2. Re: Undeliverable mails


  3. Undeliverable mails

    I'm not sure if this can even be handled, but I thought I'd put it out there.

    Someone is using our email address to originate spam. We are getting bombed with "Mail undeliverable" etc. messages from failed spam delivery attempts. This morning I checked my inbox and found almost 100 of these since last night.

    I'm not sure what can be done about this. I'm a bit squeamish about just knocking this stuff out in procmail.

    Does anyone have any suggestions?


  4. Re: Undeliverable mails


    On Wed, June 4, 2008 16:04, Jack Gostl wrote:

    > Does anyone have any suggestions?


    http://old.openspf.org/wizard.html?m...m&submit=Go%21

    could be a start

    and use pypolicyd-spf for testing

    and if you get mails from remote postmaster@example.tld then contact them if
    received path match domain

    undelivered mails is remote problems


    Benny Pedersen
    Need more webspace ? http://www.servage.net/?coupon=cust37098


  5. RE: Undeliverable mails

    That's exactly what VBounce is for. If a bounce message does not contain
    your MTA, it's either backscatter (safe to delete) or useless (from AOHell,
    for example). If you can't track the source, you don't need to see it. I get
    about 10 legitimate bounces a day, and VBounce takes care of about 200
    backscatter.

    I can read 10 messages, I can't read 200. The bounces I see are usually due
    to messages sent by my webserver (password request) by folks who type their
    email address incorrectly. The Backscatter was a big problem until I started
    using the VBounce rules.

    Trying to educate the sysadmins producing the backscatter is a hopeless
    cause (imo).

    Dan

    _____

    From: Jack Gostl [mailto:gostl@argoscomp.com]
    Sent: Wednesday, June 04, 2008 10:05 AM
    To: spam
    Subject: Undeliverable mails


    I'm not sure if this can even be handled, but I thought I'd put it out
    there.

    Someone is using our email address to originate spam. We are getting bombed
    with "Mail undeliverable" etc. messages from failed spam delivery attempts.
    This morning I checked my inbox and found almost 100 of these since last
    night.

    I'm not sure what can be done about this. I'm a bit squeamish about just
    knocking this stuff out in procmail.

    Does anyone have any suggestions?



  6. RE: Undeliverable mails


    On Wed, June 4, 2008 16:45, Dan Barker wrote:

    > Trying to educate the sysadmins producing the backscatter is a hopeless
    > cause (imo).


    first problem to solve is bounce and not reject

    if sysadmins wonder why their server bounces a lot of mail we could reduce the
    problem there

    maybe i am ignorant on that spf is helpful it is when used, but if not used
    its not much help :/


    Benny Pedersen
    Need more webspace ? http://www.servage.net/?coupon=cust37098


  7. Re: Undeliverable mails


    ----- Original Message -----
    From: "Benny Pedersen"
    To:
    Sent: Wednesday, June 04, 2008 3:17 PM
    Subject: Re: Undeliverable mails


    >
    > On Wed, June 4, 2008 16:04, Jack Gostl wrote:
    >
    >> Does anyone have any suggestions?

    >
    > http://old.openspf.org/wizard.html?m...m&submit=Go%21
    >
    > could be a start


    I looked over the above and my server seems to conform but it still scores
    low on an example email.

    X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on my.mailserver.net
    X-Spam-Level: ***
    X-Spam-Status: No, score=3.6 required=4.5 tests=ANY_BOUNCE_MESSAGE,AWL,
    BAYES_99,BOUNCE_MESSAGE autolearn=no version=3.2.4

    Mark

    > and use pypolicyd-spf for testing
    >
    > and if you get mails from remote postmaster@example.tld then contact them
    > if
    > received path match domain
    >
    > undelivered mails is remote problems
    >
    >
    > Benny Pedersen
    > Need more webspace ? http://www.servage.net/?coupon=cust37098
    >
    >



  8. Re: Undeliverable mails


    On Wed, June 4, 2008 17:11, mouss wrote:

    > If they can't configure their system to reject invalid recipients at
    > smtp time, there is no hope that they will setup SPF checking correctly!


    it was also my conclusion after I had written it :-)


    Benny Pedersen
    Need more webspace ? http://www.servage.net/?coupon=cust37098


  9. Re: Undeliverable mails

    On Wed, 4 Jun 2008, Obantec Support wrote:

    > i looked over the above and my server seems to conform but it still scores
    > low on an example email.
    >
    > X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on my.mailserver.net
    > X-Spam-Level: ***
    > X-Spam-Status: No, score=3.6 required=4.5 tests=ANY_BOUNCE_MESSAGE,AWL,
    > BAYES_99,BOUNCE_MESSAGE autolearn=no version=3.2.4


    VBOUNCE is not intended to mark bounces as spammy by itself, it's intended
    to _identify_ them. In your delivery chain post-SA you'd look for
    ANY_BOUNCE_MESSAGE in X-Spam-Status and then either deliver to a "bounces
    for review" folder, or drop the message.

    You could, however, add a meta-rule that adds points for messages hitting
    both ANY_BOUNCE_MESSAGE and BAYES_99, if you trust your bayes. I'd say
    that's a pretty good indicator of a bounced spam.

    Perhaps:

    meta BOUNCED_SPAM (ANY_BOUNCE_MESSAGE && BAYES_99)
    score BOUNCED_SPAM 4.0

    --
    John Hardin KA7OHZ http://www.impsec.org/~jhardin/
    jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
    key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
    -----------------------------------------------------------------------
    A sword is never a killer, it is but a tool in the killer's hands.
    -- Lucius Annaeus Seneca (Martial) 4BC-65AD
    -----------------------------------------------------------------------
    14 days until SWMBO's Birthday
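
The post-SA step described above (look for ANY_BOUNCE_MESSAGE in X-Spam-Status, then file or drop), as an added Python example that is not code from the thread. The folder names, the `trusted_host` check and the sample message are assumptions made for illustration; note that the `tests=` list is folded across two header lines, as in the quoted headers.

```python
import email
import re

# Constructed sample; the X-Spam-* values mirror the headers quoted in the thread.
SAMPLE = """\
From: MAILER-DAEMON@mail.example.net
To: user@example.org
Subject: Mail undeliverable
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on my.mailserver.net
X-Spam-Level: ***
X-Spam-Status: No, score=3.6 required=4.5 tests=ANY_BOUNCE_MESSAGE,AWL,
\tBAYES_99,BOUNCE_MESSAGE autolearn=no version=3.2.4

Constructed bounce body.
"""

def spam_tests(raw, trusted_host):
    """Return the rule names in X-Spam-Status, or an empty set if not ours."""
    msg = email.message_from_string(raw)
    # Assumption: the verdict is only used when X-Spam-Checker-Version names
    # our own scanner host; headers stamped by other scanners are ignored.
    checker = msg.get("X-Spam-Checker-Version", "").strip()
    if not checker.endswith(" on " + trusted_host):
        return set()
    # The tests= list is folded after a comma; rejoin it before splitting.
    status = re.sub(r",\s+", ",", msg.get("X-Spam-Status", ""))
    match = re.search(r"\btests=(\S*)", status)
    names = set(match.group(1).split(",")) if match else set()
    return names - {"", "none"}

def route(raw, trusted_host="my.mailserver.net"):
    """Pick a folder (hypothetical folder names) for a scanned message."""
    tests = spam_tests(raw, trusted_host)
    if "ANY_BOUNCE_MESSAGE" not in tests:
        return "inbox"
    if "BAYES_99" in tests:  # same condition as the BOUNCED_SPAM meta rule
        return "bounced-spam"
    return "bounces-review"

if __name__ == "__main__":
    print(route(SAMPLE))
```
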


  10. Re: Undeliverable mails

    On Wednesday, June 4, 2008, 7:04:50 AM, Jack Gostl wrote:
    > I'm not sure if this can even be handled, but I thought I'd put it out there.


    > Someone is using our email address to originate spam. We are
    > getting bombed with "Mail undeliverable" etc. messages from
    > failed spam delivery attempts. This morning I checked my inbox
    > and found almost 100 of these since last night.


    > I'm not sure what can be done about this. I'm a bit squeamish
    > about just knocking this stuff out in procmail.


    > Does anyone have any suggestions?



    Check out Justin's blog:

    http://taint.org/2007/01/10/141434a.html

    > taint.org: Justin Mason’s Weblog
    > How to deal with joe-jobs and massive bounce storms
    >
    > January 10, 2007 at 2:14 pm
    >
    > As I’ve noted before, we still have a major problem with sites
    > generating bounce/backscatter storms in response to forged mail
    > — whether deliberately targeted, as a “Joe-Job”, or as a
    > side-effect attempts to evade over-simplistic sender address
    > verification as seen in spam, viruses, and so on.

    [...]


    It helped us.

    Jeff C.
    --
    Jeff Chan
    mailto:jeffc@surbl.org
    http://www.surbl.org/


  11. Re: Undeliverable mails

    On 2008-06-04 10:45:20, Dan Barker wrote:
    > I can read 10 messages, I can't read 200. The bounces I see are usually due
    > to messages sent by my webserver (password request) by folks who type their


    What about updating your Webserver script first,
    to let users type the password twice?

    Greetings
    Michelle Konzack
    Systemadministrator
    24V Electronic Engineer
    Tamay Dogan Network
    Debian GNU/Linux Consultant


    --
    Linux-User #280138 with the Linux Counter, http://counter.li.org/
    ##################### Debian GNU/Linux Consultant #####################
    Michelle Konzack Apt. 917 ICQ #328449886
    +49/177/9351947 50, rue de Soultz MSN LinuxMichi
    +33/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)



  12. Re: Undeliverable mails


    On Wed, 2008-06-04 at 18:24 +0200, Benny Pedersen wrote:
    > On Wed, June 4, 2008 17:11, mouss wrote:
    >
    > > If they can't configure their system to reject invalid recipients at
    > > smtp time, there is no hope that they will setup SPF checking correctly!

    >
    > it was also my conclusion after I had written it :-)
    >


    You might be surprised, but that is not exactly true. I have seen a lot
    of backscatter from Cisco Ironports.
    Most Ironport boxes don't do any address verification at the time of
    accepting mail, and then send NDRs. But if these are getting SPF fail,
    then these messages may get discarded as spam (I assume).

    And this may happen with a lot of other outsourced antispam vendors too.


  13. Re: Undeliverable mails

    ----- Original Message -----
    From: "John Hardin"
    To: "Obantec Support"
    Cc:
    Sent: Wednesday, June 04, 2008 6:06 PM
    Subject: Re: Undeliverable mails


    > On Wed, 4 Jun 2008, Obantec Support wrote:
    >
    >> i looked over the above and my server seems to conform but it still
    >> scores low on an example email.
    >>
    >> X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on
    >> my.mailserver.net
    >> X-Spam-Level: ***
    >> X-Spam-Status: No, score=3.6 required=4.5 tests=ANY_BOUNCE_MESSAGE,AWL,
    >> BAYES_99,BOUNCE_MESSAGE autolearn=no version=3.2.4

    >
    > VBOUNCE is not intended to mark bounces as spammy by itself, it's intended
    > to _identify_ them. In your delivery chain post-SA you'd look for
    > ANY_BOUNCE_MESSAGE in X-Spam-Status and then either deliver to a "bounces
    > for review" folder, or drop the message.
    >
    > You could, however, add a meta-rule that adds points for messages hitting
    > both ANY_BOUNCE_MESSAGE and BAYES_99, if you trust your bayes. I'd say
    > that's a pretty good indicator of a bounced spam.
    >
    > Perhaps:
    >
    > meta BOUNCED_SPAM (ANY_BOUNCE_MESSAGE && BAYES_99)
    > score BOUNCED_SPAM 4.0


    How do I implement the above?

    Mark

    > --
    > John Hardin KA7OHZ http://www.impsec.org/~jhardin/
    > jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
    > key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
    > -----------------------------------------------------------------------
    > A sword is never a killer, it is but a tool in the killer's hands.
    > -- Lucius Annaeus Seneca (Martial) 4BC-65AD
    > -----------------------------------------------------------------------
    > 14 days until SWMBO's Birthday
    >
    >



  14. Re: Undeliverable mails


    On Thu, June 5, 2008 10:10, Obantec Support wrote:

    >> meta BOUNCED_SPAM (ANY_BOUNCE_MESSAGE && BAYES_99)
    >> score BOUNCED_SPAM 4.0

    > How do I implement the above?


    put them in user_prefs or local.cf


    Benny Pedersen
    Need more webspace ? http://www.servage.net/?coupon=cust37098

