[ Table Of Contents ][ Answer Guy Current Index ] greetings   Meet the Gang   1   2   3   4   5   6   7   8   9   10   11   12 [ Index of Past Answers ]


(?) The Answer Gang (!)


By Jim Dennis, Ben Okopnik, Dan Wilder, Breen, Chris, and... (meet the Gang) ... the Editors of Linux Gazette... and You!
Send questions (or interesting answers) to The Answer Gang for possible publication (but read the guidelines first)


(?) We send their spam to the Luxury Bitbucket

By Dan Wilder

I've been filtering more agressively. This month's spam bouncing features a 450 to "From: " addresses with domains the MTA can't find in the DNS.
Since lots of spammers use unrepliable "From:" this knocks those guys off. We use a 450 instead of a 550 because a 450 is retryable. If it's just a DNS glitch, the retry goes through.
So the real slimebags use a nonexistant user at a host that exists but for some reason does not accept SMTP connections. That way they pass the "does this host exist" test.
Lots of their mail goes to 10000000 VERIFIED EMAIL ADDRESSES, meaning people like [email protected] who don't work here any more, or [email protected] who never did. These bounce, but our MTA can't raise a connection from the putative source, so they just park on the queue for a week or so.
Every couple of days I go look for new stuff on the queue from MAILER-DAEMON with "Connection refused" errors. Then I add them to a reject file, and henceforth mail claiming to be from anybody at the "From:" domain gets
550 You refuse our connections so we refuse yours
Non-retryable. I figure we don't knock off too many legit domains, since these usually don't keep refusing connections for very long, and MAILER-DAEMON doesn't have much traffic for legit domains anyway.
Each morning I get mailed the list of 100 or so mails that were so refused, and I vette for stuff that might be legit. Mostly it's the same bogus "From:" hammering ten or twenty users at SSC, more than half of whom never existed.


This page edited and maintained by the Editors of Linux Gazette Copyright © 2002
Published in issue 76 of Linux Gazette March 2002
HTML script maintained by Heather Stern of Starshine Technical Services, http://www.starshine.org/


[ Table Of Contents ][ Answer Guy Current Index ] greetings   Meet the Gang   1   2   3   4   5   6   7   8   9   10   11   12 [ Index of Past Answers ]