help with backscatter

Matthew Seaman matthew.seaman at thebunker.net
Tue Dec 12 13:20:05 EST 2006 

Chris Harms wrote:

> We are having some trouble with our servers sending out backscatter
> spam.  I realize this is really a Sendmail issue, but if any list
> readers have some insights on the best way to make Sendmail stop sending
> bounces to outside domains, it would be greatly appreciated.

The general approach is that you need to decide if a message is spam or
not *during* the SMTP dialog.  In that case, you can return a 5xx error
code to the sending server directly.  If you decide the message is
spam after you've accepted it your only alternatives are to return a 
bounce-o-gram is to the sender address which as you've found is almost
invariably forged, or to drop the message in the bit-bucket, which is
counter to the letter of the SMTP standards and does nothing to indicate
to the spammers that they should give up and go and do something more
worthwhile.

Sendmail's milter interface allows you to filter messages through AV and
anti-spam filters -- FEATURE(`delay_checks') in your sendmail.mc file is
often useful in that case.  See http://www.sendmail.org/m4/anti_spam.html

Some milters I use:

spamass-milter:  http://savannah.nongnu.org/projects/spamass-milt/
milter-greylist: http://hcpnet.free.fr/milter-greylist/
clamav-milter:   http://www.clamav.net/

FEATURE(greet_pause) in sendmail.mc is also good at weeding out botnet
style mailers.

There's an excellent write up (of a pretty severe spam-filtering setup)
which does a good job of exploring all the various issues at:

http://www.acme.com/mail_filtering/

	Cheers,

	Matthew

-- 
Dr Matthew Seaman                            The Bunker, Ash Radar Station
PGP: 0x60AE908C on servers                   Marshborough Rd
Tel: +44 1304 814800                         Sandwich
Fax: +44 1304 814899                         Kent, CT13 0PL, UK

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20061212/7fe43054/signature.bin

More information about the Info-cyrus mailing list