help with backscatter

Chris Harms chris at cmiware.com
Tue Dec 12 13:54:27 EST 2006


Thank you for the links, this looks to be very helpful.

To those who have kindly told me to go to the Sendmail groups, I suspect 
Cyrus plays a part in our problem.  I'm now fairly certain that our 
access db is misconfigured, with the reason stemming from using 
"To:domain.tld RELAY" as a workaround for Sendmail not delivering to 
Cyrus many moons ago.  I don't think we should need to do this, but I 
distinctly recall it NOT working if we didn't have it in there.  I 
suppose the 'duct tape' is coming unglued now.  I'm currently working on 
putting together a development machine to try out 2.3.7 and removal of 
the aforementioned lines in access db.

Any pointers on whether my hunch about the access file is correct or not 
are welcome.

Matthew Seaman wrote:
> Chris Harms wrote:
>
>   
>> We are having some trouble with our servers sending out backscatter
>> spam.  I realize this is really a Sendmail issue, but if any list
>> readers have some insights on the best way to make Sendmail stop sending
>> bounces to outside domains, it would be greatly appreciated.
>>     
>
> The general approach is that you need to decide if a message is spam or
> not *during* the SMTP dialog.  In that case, you can return a 5xx error
> code to the sending server directly.  If you decide the message is
> spam after you've accepted it your only alternatives are to return a 
> bounce-o-gram is to the sender address which as you've found is almost
> invariably forged, or to drop the message in the bit-bucket, which is
> counter to the letter of the SMTP standards and does nothing to indicate
> to the spammers that they should give up and go and do something more
> worthwhile.
>
> Sendmail's milter interface allows you to filter messages through AV and
> anti-spam filters -- FEATURE(`delay_checks') in your sendmail.mc file is
> often useful in that case.  See http://www.sendmail.org/m4/anti_spam.html
>
> Some milters I use:
>
> spamass-milter:  http://savannah.nongnu.org/projects/spamass-milt/
> milter-greylist: http://hcpnet.free.fr/milter-greylist/
> clamav-milter:   http://www.clamav.net/
>
> FEATURE(greet_pause) in sendmail.mc is also good at weeding out botnet
> style mailers.
>
> There's an excellent write up (of a pretty severe spam-filtering setup)
> which does a good job of exploring all the various issues at:
>
> http://www.acme.com/mail_filtering/
>
> 	Cheers,
>
> 	Matthew
>
>   



More information about the Info-cyrus mailing list