Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bounced Email - Dealing w/ the Latest Type of Spam?

Posted by Cliff on from the inbox-junk-removal dept.

heretic108 asks: "For 3 years, I've been running a home office EXIM mailserver to handle mails on my 3 personal domains. All had been fine - I'd fastidiously configured EXIM to guard against relaying, and even now receive a clean bill of health from the various relay-checker sites. Spam levels were moderate, and mostly arrested by SpamAssassin and Thunderbird's inbuilt filters, until today. I got up this morning to find 3500+ e-mails in my inbox. All were bounces - spoofed and genuine, and came from a vast variety of IP addresses (eg lots of AOL users' IPs), which indicates they're being sent largely via compromised windows boxen, as well as from inadequately-configured corporate/ISP mailservers which don't bother to check the purported 'from' addresses against the originating domains. This hurricane continues, with 10-30 new incoming spams every minute! I've re-enabled Active Spam Killer, but this is next to useless, since ASK passes all 'bounce' messages, real or otherwise, to the mbox without challenge. I'm hoping to hear from anyone who can share success stories in dealing with such a menace, without undue complication or loss of legitimate mail. Thanks in advance for all your constructive and positive suggestions." It seems that dealing with regular Spam is almost easy in comparison to dealing with its consequences: bounced emails. Does anyone have suggestions, or filters on how to handle bounced e-mail that has resulted from someone using your e-mail address to spam someone else?

5 of 96 comments (clear)

  1. I had this problem once by waynegoode · · Score: 5, Interesting

    I had this problem a few years ago. I received up to 20 messages (bounces, out-of-office, mailbox full, authentication request, etc.) a minute at the peak. In total I received about 100,000 messages over a few weeks before it stopped.

    I called the company spamming and they "took a message". However, I was able to filter them because they were coming to a few specific random accounts, such as vxxylj@sample-domain.com and rtyylhi@sample-domain.com for example.

    I could not find any other way to filter them because it seems that there are several dozen formats for bounces. That made me wish there was a standard format for bounces, or at least a standard subject line or sender address.

  2. newly obligatory twisted Dave Barry quote by Naikrovek · · Score: 5, Funny

    quoted from http://www.miami.com/mld/miamiherald/living/column ists/dave_barry/6649728.htm?1c
    and twisted to change the subject to spam.

    ===

    People do not like spam.

    And how has the spam industry responded to this tidal wave of public hostility? It has issued this statement: "Gosh, if these people really don't want us to email them, then there's no point in our emailing them! We'd only be making them hate us more, and that's just plain stupid! We'll try to come up with a less offensive way to do business."

    No, wait, that's what the spammers would say in Bizarro World, where everything is backward, and Superman is bad, and spammers contain human DNA. Here on Earth, the spammers are claiming they have a constitutional right to email people who do not want to be emailed. They base this claim on Article VX, Section iii, row 5, seat 2, of the U.S. Constitution, which states: "If anybody ever invents the Internet, Congress shall pass no law prohibiting salespeople from using it to completely fill your inbox."

  3. How to fix (Postfix) by fsck! · · Score: 5, Informative
    Can't say how to do this with exim because I've been using Postfix for as long as I can remember. Here's how I get around this:
    show_user_unknown_table_name = no

    smtpd_helo_required = yes

    smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unlisted_recipient,
    reject_unauth_destination,
    reject_unknown_sender_domain,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client list.dsbl.org,
    check_policy_service inet:127.0.0.1:60000,
    permit

    smtpd_data_restrictions = reject_unauth_pipelining permit

    content_filter = lmtp-amavis:[127.0.0.1]:10024
    This enables greylisting, antivirus via amavis, rejecting unknown users at the SMTP stage, and I also publish SPF records. These together mean I see about 6 junk messages a month to my account. There are about 100 mailboxes on this server, and I they all report about the same level of noise.
  4. Bounce Keys by Anonymous Coward · · Score: 5, Informative

    Basically, you add an encrypted header to all outgoing emails which says "Yes, this email came from this server." Then, when you receive a bounce message, you check for the key. If it has it, it gets through, and if it doesn't, it gets rejected.

    Here's the Exim howto http://psg.com/~brian/software/authbounce/configur e-authbounce.txt

  5. Re:Baysian Spam Filter by fm6 · · Score: 5, Insightful

    So big deal. Writing an effective content-based spam filter isn't hard. Writing an effective content-based spam filter without false positives is just about impossible. If you don't mind missing some of your email, fine. But most of us don't have that luxury.