Re: Dealing with s-p-a-m "backscatter"

[Jesse Thompson <jesse.thompson () DOIT WISC EDU>]

Russell Fulton wrote:
> Ian McDonald wrote:
> > > > Has anyone come up with a more creative way to block the spam
> > > > backscatter while allowing the legit non-delivery SMTP notifications to
> > > > come through?
> >
> >
> > MailScanner can add a watermark to each outgoing message (derived from a
> > secret you configure), so that they appear in legitimate notifications.
> > It can hence bin non-legit ones inbound :) .
> >
> > http://www.mailscanner.info/MailScanner.conf.index.html#Add%20Watermark
> >
> > I presume similar functionality is available in other packages, but I
> > noticed it in MailScanner.
> It would be difficult to retrofit I suspect.  The idea is straight
> forward enough -- add an X-watermark header that is an MD5 of the
> message id concatenated with a secret, then check for it in the headers
> of returned mail and dump the bounce if a/ it is missing or b/ it does
> not match.
>
> Hmmm.... given that this is automated spam we are talking about simply
> dropping bounces of messages that don't have the right format of message
> id may work...  any one looked at doing that in either postfix or sendmail.

A lot of backscatterers don't conform and won't attach the original
message, so you'll have to make the choice between dropping these DSNs
or letting them through.  There are fewer of these non-conforming DSNs,
so the conservative approach would be to let them through and deal with
the conforming DSNs first.

For the conforming DSNs, it would probably suffice (and would be a lot
easier to implement) to use a static value in the x-header.
Alternatively, just look for a tell-tale regex in the Received headers
of the attached message.

Jesse

--
  Jesse Thompson
  Email/IM: jesse.thompson () doit wisc edu

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature