Discussion:
Getting hammered by backscatter
Chris Arnold
2008-10-29 22:44:09 UTC
Permalink
We use zimbra OSS on SLES10 SP1. Zimbra has spamassassin built-in. At
the present time, my mailbox is filled with backscatter; getting
around 10 a minute since 4:30 today. I have postfix backscatter rules
in postfix of zimbra, http://www.postfix.org/BACKSCATTER_README.html#real
but still getting pounded. Here is the header from on such mail:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
host relay1.tm.odessa.ua [195.66.204.50]: 511 sorry, no mailbox
here by that name (#5.1.1 - chkuser)

------ This is a copy of the message, including all the headers. ------

Return-path: <***@moderated.com>
Received: from chello089074205165.chello.pl ([89.74.205.165])
by wifi-router.tm.odessa.ua with esmtp (Exim 4.69 (FreeBSD))
(envelope-from <***@moderated.com>)
id 1KvJP6-000Eho-L0
for ***@tm.odessa.ua; Thu, 30 Oct 2008 00:20:42 +0200
Message-ID: <000701c93a14$03bd0ac0$***@weuwrbe>
From: =?koi8-r?B?4c3X0s/Tycog4czT2c7Cwco=?= <***@moderated.com>
To: <***@tm.odessa.ua>
Subject: =?koi8-r?B?5dfSz9DFytPLwdEgzsXExczRIMvB3sXT1NfB?=
Date: Wed, 29 Oct 2008 20:30:54 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0004_01C93A14.03BA381D"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2720.3000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300

This is a multi-part message in MIME format.

------=_NextPart_000_0004_01C93A14.03BA381D
Content-Type: text/plain;
charset="koi8-r"
Content-Transfer-Encoding: quoted-printable

Can someone please help me stop this? A while back, there was a thread
that pointed to a website, backscatter.org or something like that,
that we used that since the upgrade did a wonderful job. Anyone
remember that web site?
Karl Pearson
2008-10-30 16:28:19 UTC
Permalink
We use zimbra OSS on SLES10 SP1. Zimbra has spamassassin built-in. At the
present time, my mailbox is filled with backscatter; getting around 10 a
minute since 4:30 today. I have postfix backscatter rules in postfix of
zimbra, http://www.postfix.org/BACKSCATTER_README.html#real but still getting
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
host relay1.tm.odessa.ua [195.66.204.50]: 511 sorry, no mailbox here by
that name (#5.1.1 - chkuser)
Your domain was used as the spoofed 'from' address, so it's technically
not backscatter, but rather bounced email sent to an invalid address.
Since you are the spoofed 'from' address, you are the lucky recipient of
all their bad email addresses. In other words, the spammer got sold a bad
list of email addresses. Too bad for them, worse for you. You could use an
iptables rule (if you are *nix) that would block that domain for a time:

iptables -I INPUT -s 89.74.205.165 -j DROP

but with all the different domains the bounces are probably coming from,
that might be much too tedious to get all of them, unless they targeted
just chello.pl accounts...
------ This is a copy of the message, including all the headers. ------
Received: from chello089074205165.chello.pl ([89.74.205.165])
by wifi-router.tm.odessa.ua with esmtp (Exim 4.69 (FreeBSD))
id 1KvJP6-000Eho-L0
Subject: =?koi8-r?B?5dfSz9DFytPLwdEgzsXExczRIMvB3sXT1NfB?=
Date: Wed, 29 Oct 2008 20:30:54 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0004_01C93A14.03BA381D"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2720.3000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300
This is a multi-part message in MIME format.
------=_NextPart_000_0004_01C93A14.03BA381D
Content-Type: text/plain;
charset="koi8-r"
Content-Transfer-Encoding: quoted-printable
Can someone please help me stop this? A while back, there was a thread that
pointed to a website, backscatter.org or something like that, that we used
that since the upgrade did a wonderful job. Anyone remember that web site?
---
_/ _/ _/ _/_/_/ ____________ __o
_/ _/ _/ _/ _/ ____________ _-\\<._
_/_/ _/ _/_/_/ (_)/ (_)
_/ _/ _/ _/ ......................
_/ _/ arl _/_/_/ _/ earson ***@ourldsfamily.com
---
http://consulting.ourldsfamily.com
---
"Our Constitution was made only for a moral and religious people.
It is wholly inadequate to the government of any other."
--John Quincy Adams
---
"To mess up your Linux PC, you have to really work at it;
to mess up a microsoft PC you just have to work on it."
---
Martin Gregorie
2008-10-30 17:13:39 UTC
Permalink
We use zimbra OSS on SLES10 SP1. Zimbra has spamassassin built-in. At the
present time, my mailbox is filled with backscatter; getting around 10 a
minute since 4:30 today. I have postfix backscatter rules in postfix of
zimbra, http://www.postfix.org/BACKSCATTER_README.html#real but still getting
Have you set up SPF records for your domain?

SPF records let the sites bouncing the spam discover that the sender has
been forged by the spammer. SPF can't eliminate all backscatter, but
should at least reduce the size of the barrage.

http://www.openspf.org/ describes SPF and has a tool for creating an SPF
record.

http://www.kitterman.com/spf/validate.html provides additional tools for
testing SPF records.


Martin
Matthew Newton
2008-11-02 23:27:50 UTC
Permalink
Hi,
We use zimbra OSS on SLES10 SP1. Zimbra has spamassassin built-in. At the
present time, my mailbox is filled with backscatter; getting around 10 a
minute since 4:30 today. I have postfix backscatter rules in postfix of
zimbra, http://www.postfix.org/BACKSCATTER_README.html#real but still getting
I don't know how easy it is in Postfix (I use exim, and it's
fairly trivial in that), but one effective solution for this is
BATV.

http://mipassoc.org/batv/

Cheers

Matthew
--
Matthew Newton, Ph.D. <***@le.ac.uk>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <***@le.ac.uk>
mouss
2008-11-02 18:14:46 UTC
Permalink
Post by Chris Arnold
We use zimbra OSS on SLES10 SP1. Zimbra has spamassassin built-in. At
the present time, my mailbox is filled with backscatter; getting around
10 a minute since 4:30 today. I have postfix backscatter rules in
postfix of zimbra,
http://www.postfix.org/BACKSCATTER_README.html#real but still getting
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
SMTP error from remote mail server after RCPT
host relay1.tm.odessa.ua [195.66.204.50]: 511 sorry, no mailbox here
by that name (#5.1.1 - chkuser)
------ This is a copy of the message, including all the headers. ------
Received: from chello089074205165.chello.pl ([89.74.205.165])
by wifi-router.tm.odessa.ua with esmtp (Exim 4.69 (FreeBSD))
id 1KvJP6-000Eho-L0
Subject: =?koi8-r?B?5dfSz9DFytPLwdEgzsXExczRIMvB3sXT1NfB?=
Date: Wed, 29 Oct 2008 20:30:54 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0004_01C93A14.03BA381D"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2720.3000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300
This is a multi-part message in MIME format.
------=_NextPart_000_0004_01C93A14.03BA381D
Content-Type: text/plain;
charset="koi8-r"
Content-Transfer-Encoding: quoted-printable
Can someone please help me stop this? A while back, there was a thread
that pointed to a website, backscatter.org or something like that, that
we used that since the upgrade did a wonderful job. Anyone remember that
web site?
you could try

smtpd_restriction_classes =
...
reject_backscatter

smtpd_data_restrictions =
check_sender_access pcre:/etc/postfix/bounce_access

reject_backscatter =
reject_rbl_client ips.backscatterer.org

== bounce_access
/^$/ reject_backscatter
/^mailer\-daemon/ reject_backscatter
/^postmaster@/ reject_backscatter

the check is done at DATA stage to avoid blocking (the abusive) SAV
probes (CBV, callout verification, ... or whatever you name it).


note that this will reject "legitimate" bounces if they are sent from a
client listed on backscatterer.

PS. don't think SPF will help. this has been discussed here and
elsewhere before.
Matthias Leisi
2008-11-02 18:36:15 UTC
Permalink
Post by mouss
reject_backscatter =
reject_rbl_client ips.backscatterer.org
Which will very likely result in a lot of false positives.

-- Matthias
mouss
2008-11-02 18:43:10 UTC
Permalink
Post by Matthias Leisi
Post by mouss
reject_backscatter =
reject_rbl_client ips.backscatterer.org
Which will very likely result in a lot of false positives.
an FP here would mostly be: a bounce from a 3d party that is listed on
backscatterer.org. do you get a lot of such mail?
Matthias Leisi
2008-11-02 18:58:55 UTC
Permalink
Post by mouss
Post by Matthias Leisi
Post by mouss
reject_backscatter =
reject_rbl_client ips.backscatterer.org
Which will very likely result in a lot of false positives.
an FP here would mostly be: a bounce from a 3d party that is listed on
backscatterer.org. do you get a lot of such mail?
No, an FP is an FP. ips.backscatterer.org lists a lot of perfectly valid
mailservers, and outright blocking at the MTA with that list is a bad idea.

-- Matthias
Sahil Tandon
2008-11-02 20:27:41 UTC
Permalink
Post by Matthias Leisi
Post by mouss
Post by Matthias Leisi
Post by mouss
reject_backscatter =
reject_rbl_client ips.backscatterer.org
Which will very likely result in a lot of false positives.
an FP here would mostly be: a bounce from a 3d party that is listed on
backscatterer.org. do you get a lot of such mail?
No, an FP is an FP. ips.backscatterer.org lists a lot of perfectly valid
mailservers, and outright blocking at the MTA with that list is a bad idea.
The above statement is true but does not address the context in which
mouss suggests using the blacklist. If you are checking IPs against the
list *only* for bounces, the chances of FPs is immensely decreased. He
never suggested checking *all* connecting IPs against that list.
--
Sahil Tandon <***@tandon.net>
mouss
2008-11-02 21:28:36 UTC
Permalink
Post by Sahil Tandon
Post by Matthias Leisi
Post by mouss
Post by Matthias Leisi
Post by mouss
reject_backscatter =
reject_rbl_client ips.backscatterer.org
Which will very likely result in a lot of false positives.
an FP here would mostly be: a bounce from a 3d party that is listed on
backscatterer.org. do you get a lot of such mail?
No, an FP is an FP. ips.backscatterer.org lists a lot of perfectly valid
mailservers, and outright blocking at the MTA with that list is a bad idea.
The above statement is true but does not address the context in which
mouss suggests using the blacklist. If you are checking IPs against the
list *only* for bounces, the chances of FPs is immensely decreased. He
never suggested checking *all* connecting IPs against that list.
Matthias has apparently missed the check_sender_access part. if not, I
am curious to learn about these "lot of false positives". I don't see
enough "wanted" bounces, so my view is obviously partial/biased.

Note that I am not saying the checks are safe. there will be FPs. so the
checks should only be enabled in case of a bs storm, if ever (should
have said so before. sorry for that).

PS. I personally don't use these checks at this time. not because of
FPs, but because most bs I get is to "forwarded" addresses, when it's
too late to reject.
Benny Pedersen
2008-11-02 19:20:16 UTC
Permalink
Post by mouss
PS. don't think SPF will help. this has been discussed here and
elsewhere before.
SPF helps if its used from the sites that does use spf in mta stage, if not
used it will turn over to be a backscatter site itself

that rbl listed sourceforge.net for backscatter, thats why i stopped using
that rbl long ago, olso its bad to see dsn go out to remote mtas is the
biggest problem mailerdaemons should stay local
--
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
mouss
2008-11-02 21:18:14 UTC
Permalink
Post by Benny Pedersen
Post by mouss
PS. don't think SPF will help. this has been discussed here and
elsewhere before.
SPF helps if its used from the sites that does use spf in mta stage, if not
used it will turn over to be a backscatter site itself
yes, but I don't have enough optimism to believe that sites that can't
fix their backscatter problem will check SPF (or check anything!) before
sending it ;-p
Post by Benny Pedersen
that rbl listed sourceforge.net for backscatter,
which is why the test is done at data stage instead of rcpt stage. if
done at rcpt stage, it will block sites that do sender verification.
Post by Benny Pedersen
thats why i stopped using
that rbl long ago, olso its bad to see dsn go out to remote mtas is the
biggest problem mailerdaemons should stay local
sorry, I don't understand the last part.
Benny Pedersen
2008-11-02 23:04:11 UTC
Permalink
Post by mouss
Post by Benny Pedersen
that rbl long ago, olso its bad to see dsn go out to remote mtas is the
biggest problem mailerdaemons should stay local
sorry, I don't understand the last part.
i explain badly sorry for that, but when mta bounces mailer daemons msg
outside the mta the config is badly broken
--
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
Andy Spiegl
2008-11-03 14:57:46 UTC
Permalink
Post by Chris Arnold
We use zimbra OSS on SLES10 SP1. Zimbra has spamassassin
built-in. At the present time, my mailbox is filled with
backscatter; getting around 10 a minute since 4:30 today. I have
postfix backscatter rules in postfix of zimbra,
http://www.postfix.org/BACKSCATTER_README.html#real but still
getting pounded.
Shouldn't the vbounce ruleset help here?

I'm asking because me and my users have the same problem and I am
currently considering giving the ANY_BOUNCE_MESSAGE a higher score
but I am not sure yet whether it's a good idea or not.

How is your experience with vbounce? Is it safe enough?
(the ML archives don't show too many complaints...)

Anyone out there who raised the score of ANY_BOUNCE_MESSAGE
and did not drown in user complaints? :-)

Thanks,
Andy.
--
There are so many ways to describe success, not the least of which
is the way your child describes you when talking to a friend.
Bob Kinney
2008-11-03 15:13:53 UTC
Permalink
Post by Andy Spiegl
Post by Chris Arnold
We use zimbra OSS on SLES10 SP1. Zimbra has spamassassin
built-in. At the present time, my mailbox is filled with
backscatter; getting around 10 a minute since 4:30 today. I have
postfix backscatter rules in postfix of zimbra,
http://www.postfix.org/BACKSCATTER_README.html#real but still
getting pounded.
Shouldn't the vbounce ruleset help here?
I'm asking because me and my users have the same problem and I am
currently considering giving the ANY_BOUNCE_MESSAGE a higher score
but I am not sure yet whether it's a good idea or not.
How is your experience with vbounce? Is it safe enough?
(the ML archives don't show too many complaints...)
Anyone out there who raised the score of ANY_BOUNCE_MESSAGE
and did not drown in user complaints? :-)
It certainly helped in my environment with the user requests, but had
one unfortunate side effect: E-mail forwarded from another account to an
account on our servers was considered a "bounce" because it hit
__BOUNCE_RPATH_NULL.

I ended up modifying that rule as it didn't seem to hit any bounces that
didn't already get hit by the other rules. Otherwise vbounce does a
reasonably good job of marking bounce messages. If you don't have users
forwarding into or out of your mail servers, then you probably don't
have anything to worry about on that front.

If you're just filtering to another folder it won't really change the
fact that messages are coming in though. I've still had a couple of
users complain about their SPAM folders getting 100s of bounce messages
an hour, and in those cases I specifically ended up filtering the SPAM
bounces to the bit bucket.

YMMV, so I recommend testing the rule with the default score (i.e. not
using it to mark SPAM) first.

Regards,
Bob
--
Earl (Bob) Kinney
Manager of Research Computing
Harvard-MIT Data Center
Andy Spiegl
2008-11-03 16:12:21 UTC
Permalink
but had one unfortunate side effect: E-mail forwarded from another
account to an account on our servers was considered a "bounce"
because it hit __BOUNCE_RPATH_NULL.
Uhmm... interesting. What exactly might cause this?
I tried to trigger this behaviour bouncing and forwarding mails from
different accounts but never saw the __BOUNCE_RPATH_NULL tag.
YMMV, so I recommend testing the rule with the default score
(i.e. not using it to mark SPAM) first.
Yepp, that's what I started doing last week. :-)

But I do agree with Karsten (or Guenther?) that we shouldn't raise the
score. But my problem is that I cannot explain to all of my users how
to setup a filter for this SA-tag in their MUA or in smartsieve. They
either can't or don't want to know such deeply technical things. :-(

Thx,
Andy.
--
There is no challenge more challenging
than the challenge to improve yourself. -- Michael F. Staley
Bob Kinney
2008-11-03 18:02:18 UTC
Permalink
Post by Andy Spiegl
Uhmm... interesting. What exactly might cause this?
I tried to trigger this behaviour bouncing and forwarding mails from
different accounts but never saw the __BOUNCE_RPATH_NULL tag.
Might just be our mail server software. It's something we've worked around.
Post by Andy Spiegl
But I do agree with Karsten (or Guenther?) that we shouldn't raise the
score. But my problem is that I cannot explain to all of my users how
to setup a filter for this SA-tag in their MUA or in smartsieve. They
either can't or don't want to know such deeply technical things. :-(
We set up server side filters for SPAM that users can enable or disable,
is this something you could do in your environment? This would
essentially remove the onus from your users to have to configure it
client side.

Regards,
Bob
--
Earl (Bob) Kinney
Manager of Research Computing
Harvard-MIT Data Center
Andy Spiegl
2008-11-03 22:07:01 UTC
Permalink
Post by Bob Kinney
We set up server side filters for SPAM that users can enable or
disable, is this something you could do in your environment?
Uhmmm...not easily I think.
We're using a combination of postfix and AMaViS.
I'd have to plug procmail inbetween somehow...

Thanks,
Andy.
--
No matter how long or how hard you shop for an item,
after you've bought it, it will be on sale somewhere cheaper.
mouss
2008-11-04 07:49:22 UTC
Permalink
[snip]
But I do agree with Karsten (or Guenther?) that we shouldn't raise the
score.
I will be on vacation from 1/2/2345 to 6/7/8901.
will vbounce tag this message?
But my problem is that I cannot explain to all of my users how
to setup a filter for this SA-tag in their MUA or in smartsieve. They
either can't or don't want to know such deeply technical things. :-(
Justin Mason
2008-11-04 09:54:58 UTC
Permalink
Post by mouss
[snip]
But I do agree with Karsten (or Guenther?) that we shouldn't raise the
score.
I will be on vacation from 1/2/2345 to 6/7/8901.
will vbounce tag this message?
Nope ;)

--j.
mouss
2008-11-04 11:38:48 UTC
Permalink
Post by Justin Mason
[snip]
will vbounce tag this message?
Nope ;)
hmmm. It does trigger BOUNCE_MESSAGE here (both my message and your reply):

[71842] dbg: rules: ran one_line_body rule __BOUNCE_OOO_1 ======> got
hit: "I will be on vacation from"
...
[71842] dbg: rules: ran eval rule __HAVE_BOUNCE_RELAYS ======> got hit (1)
...
[71842] dbg: check:
tests=ANY_BOUNCE_MESSAGE,BOUNCE_MESSAGE,RCVD_IN_DNSWL_MED,SPF_PASS

Am I missing something?
Justin Mason
2008-11-04 12:11:18 UTC
Permalink
Post by mouss
Post by Justin Mason
[snip]
will vbounce tag this message?
Nope ;)
[71842] dbg: rules: ran one_line_body rule __BOUNCE_OOO_1 ======> got
hit: "I will be on vacation from"
...
[71842] dbg: rules: ran eval rule __HAVE_BOUNCE_RELAYS ======> got hit (1)
...
tests=ANY_BOUNCE_MESSAGE,BOUNCE_MESSAGE,RCVD_IN_DNSWL_MED,SPF_PASS
Am I missing something?
It came via a whitelisted relay, on my setup, as designed.

--j.
mouss
2008-11-04 16:11:34 UTC
Permalink
Post by Justin Mason
Post by mouss
Post by Justin Mason
[snip]
will vbounce tag this message?
Nope ;)
[71842] dbg: rules: ran one_line_body rule __BOUNCE_OOO_1 ======> got
hit: "I will be on vacation from"
...
[71842] dbg: rules: ran eval rule __HAVE_BOUNCE_RELAYS ======> got hit (1)
...
tests=ANY_BOUNCE_MESSAGE,BOUNCE_MESSAGE,RCVD_IN_DNSWL_MED,SPF_PASS
Am I missing something?
It came via a whitelisted relay, on my setup, as designed.
not sure I understand. all mail you get comes via your whitelisted
relay. so what is the difference between a message I send you that
contains the "I will be ..." and a bounce from my server?


and anyway, my post and your reply were not bounces, whether they came
via a whitelisted relays or not. dunno how the rules could be enhanced
to detect "discussions and quoting" vs real bounces.
Claude Frantz
2008-11-06 05:53:15 UTC
Permalink
In order to reduce backscattering, I'm using an additional milter-regex
on the systems processing outgoing messages. This milter-regex try to
recognize backscattered messages as well as spam marked messages
redirected to addresses outside off the protected perimeter. Although
this method is not perfect because of its limits, it reduces the problem.

Claude
Karsten Bräckelmann
2008-11-03 15:55:49 UTC
Permalink
Post by Andy Spiegl
Shouldn't the vbounce ruleset help here?
Yes, it does. :)
Post by Andy Spiegl
I'm asking because me and my users have the same problem and I am
currently considering giving the ANY_BOUNCE_MESSAGE a higher score
but I am not sure yet whether it's a good idea or not.
It isn't. The question of "raising that score, treating bounces as spam,
and whether it works for others" has been answered a few times before.

General consensus is that backscatter is NOT spam. Everyone answering to
this question did not raise the score, but filters backscatter into a
dedicated mail folder. Treating them as spam is likely to poison your
Bayes DB. Moreover, as you seem to have noticed already, VBounce
identifies backscatter that does not contain the original spam.


VBounce is not intended to flag bounces as spam. It's purpose is to
identify and catch bounces. Hence the low score -- the only reason it
got a non-zero score is, because that would disable the rule. Please
check the archives for threads about the VBounce plugin or backscatter.

Now, here goes one of my favorite quotes, *yet* again:

$ grep -A 2 procmail /usr/share/spamassassin/20_vbounce.cf

# If you use this, set up procmail or your mail app to spot the
# "ANY_BOUNCE_MESSAGE" rule hits in the X-Spam-Status line, and move
# messages that match that to a 'vbounce' folder.
Post by Andy Spiegl
How is your experience with vbounce? Is it safe enough?
(the ML archives don't show too many complaints...)
It is reasonably safe and quite efficient. Catches a hell of a lot of
backscatter for me. However, please do note that I have seen it hitting
on legitimate mail, though very rare. Also, some out-of-office auto
responses [1] are just impossible to catch.
Post by Andy Spiegl
Anyone out there who raised the score of ANY_BOUNCE_MESSAGE
and did not drown in user complaints? :-)
According to my memory and the archives: No. :)

guenther


[1] And other auto responses. "This email address has been shut down due
to spam. Please use my new address..." Don't you love those?
--
char *t="\10pse\0r\0dtu\***@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Michelle Konzack
2008-11-07 02:33:51 UTC
Permalink
Hi Chris.

I have gotten over 200.000 of them with more then 2700 MByte...
Now it is reduced to less then 200 backscatter per day.

I am rejecting ANY (!!!) messages coming from <*.ru> and <*.ua> domains
where the "From:" header is from:

MAILER-DAEMON@
postmaster@
noreply@
no-reply@

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
24V Electronic Engineer
Tamay Dogan Network
Debian GNU/Linux Consultant
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack Apt. 917 ICQ #328449886
+49/177/9351947 50, rue de Soultz MSN LinuxMichi
+33/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
Benny Pedersen
2008-11-07 14:26:41 UTC
Permalink
Post by Michelle Konzack
I am rejecting ANY (!!!) messages coming from <*.ru> and <*.ua> domains
ok
http://rfc-ignorant.org/policy-postmaster.php
ok
--
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
mouss
2008-11-07 18:31:43 UTC
Permalink
Post by Benny Pedersen
Post by Michelle Konzack
I am rejecting ANY (!!!) messages coming from <*.ru> and <*.ua> domains
ok
http://rfc-ignorant.org/policy-postmaster.php
the rfci policy applies to postmaster as a recipient. nobody can force
you to accept mail _from_ postmaster.
Post by Benny Pedersen
ok
Benny Pedersen
2008-11-07 20:27:17 UTC
Permalink
Post by mouss
Post by Benny Pedersen
http://rfc-ignorant.org/policy-postmaster.php
the rfci policy applies to postmaster as a recipient. nobody can force
you to accept mail _from_ postmaster.
how can anyone solve anything when postmasters cant talk together ?

doh
--
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
RobertH
2008-11-07 23:24:32 UTC
Permalink
Post by Benny Pedersen
how can anyone solve anything when postmasters cant talk together ?
doh
--
Benny Pedersen
*snip* advertisement and link

benny,

do you trust emails from some postmaster at some domain and spend lots of
time answering them?

yeah, right.

and btw benny, please stop spamming us w/ the need more webspace ads
please???

DOH!

- rh
Sahil Tandon
2008-11-08 00:44:19 UTC
Permalink
Post by Benny Pedersen
Post by mouss
Post by Benny Pedersen
http://rfc-ignorant.org/policy-postmaster.php
the rfci policy applies to postmaster as a recipient. nobody can force
you to accept mail _from_ postmaster.
how can anyone solve anything when postmasters cant talk together ?
You miss the point; your link was not appropriate to the question and
mouss simply indicated that.
--
Sahil Tandon <***@tandon.net>
mouss
2008-11-08 19:25:20 UTC
Permalink
Post by Benny Pedersen
Post by mouss
Post by Benny Pedersen
http://rfc-ignorant.org/policy-postmaster.php
you cited rfci which is irrelevant here.
Post by Benny Pedersen
Post by mouss
the rfci policy applies to postmaster as a recipient. nobody can force
you to accept mail _from_ postmaster.
how can anyone solve anything when postmasters cant talk together ?
I don't care if "anyone" or "postmasters" have something to solve or
want to talk to Gether. There is no one by that name here ;-p

you can reach posmaster here. but we reserve the right to block clients
based on policy criteria (such as being listed in zen, rfci, ... etc).

but this doesn't mean we will accept mail from postmaster as something
special. It's actually the opposite. mail from postmaster may be
confused with backscatter. and we don't do much effort to protect
against this because we believe such mail is rare enough to not justify
any special treatment.
Michelle Konzack
2008-11-13 08:55:34 UTC
Permalink
Post by Benny Pedersen
how can anyone solve anything when postmasters cant talk together ?
IF there are legitimate "postmaser" messages from serious domains, they
will go throuh... But I do not like to kommunicate with postmaster from
domains bombing me.

Please note, that my cache hold currently 4783 Domains where only 431
are actively blocked because in the last 7 days the have send me at
least 5 backscatters...

So I do NOT blindely block someone.
It is a question of responsability.

Also, if REALY someone want to contact me, they can go to my website and
the link "Contact" is VERY good visible including a real E-Mail.

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
24V Electronic Engineer
Tamay Dogan Network
Debian GNU/Linux Consultant
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack Apt. 917 ICQ #328449886
+49/177/9351947 50, rue de Soultz MSN LinuxMichi
+33/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
Loading...