[Dovecot] help on writing a rule for preventing spam

mouss mouss at ml.netoyen.net
Sat Jan 24 22:45:20 EET 2009


Giuliano Gavazzi wrote:
> 
> On T 22 Jan, 2009, at 11:49 , Charles Marcus wrote:
> 
>> On 1/21/2009, Giuliano Gavazzi (dev+lists at humph.com) wrote:
>>>> The postfix backscatter readme is a good start, especially if you are
>>>> using postfix - and if you aren't, why aren't you? ;) ... but the
>>>> concepts can be applied to any MTA...
>>
>>> I don't use postfix, because I use exim...
>>
>> And as I said... the CONCEPTS can be applied to ANY MTA...
> 
> 
> well, first of all backscatter is not really the issue of this thread.

agreed.

> Secondly the concepts are not all that good.

They are ;-p

> In particular the one
> entitled:
> 
> Blocking backscatter mail with forged sender information
> 
> that states:
> 
> "Like many people I still have a few email addresses in domains that I
> used in the past. Mail for those addresses is forwarded to my current
> address. Most of the backscatter mail that I get claims to be sent from
> these addresses. Such mail is obviously forged and is very easy to stop."
> From what I understand he is rejecting backscatter that is sent to some
> of his old addresses (with an identical forged sender,

Note the "from" in "claims to be sent FROM...".

> but this is
> irrelevant) and from there forwarded to his mail server. Very bad. If
> you have configured forwarding somewhere you must be prepared to accept
> anything from there, or else you will be the cause of backscatter as the
> peer server is a genuine server and not a spambot.

you misunderstooood ;-p

the idea is:

if I get a bounce caused by a message sent with joe at example.com as
sender, and I know joe at example.com is never used as a sender (because I
own that address and I don't use it as a sender), then I can block the
message.

here's another example. while my Reply-To is set to
mouss+nobulk at netoyen.net, I don't use this address in From: or envelope
sender. so if someone bounces a mail supposedly sent from this address,
_I_ know the "original" message was a forgery and I can reject the bounce.


> [snip]
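
The check described in the reply above, as an added example that is not part of the original post or of Postfix itself: decision logic for a Postfix policy-delegation service (`check_policy_service`) that rejects null-sender bounces addressed to addresses known never to be used as a sender. The `NEVER_SENDERS` entries and the sample requests are constructed, and the function names are hypothetical.

```python
import sys

# Constructed list: addresses you own but never use as From: or envelope sender.
NEVER_SENDERS = {"joe@example.com", "reply-only@example.com"}

# Constructed policy requests (name=value lines, ended by an empty line).
# Postfix passes the null envelope sender of a bounce as an empty "sender=".
SAMPLE_BOUNCE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
                 "sender=\nrecipient=joe@example.com\n\n")
SAMPLE_NORMAL = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
                 "sender=alice@example.org\nrecipient=joe@example.com\n\n")

def parse_request(text):
    """Parse one policy request into a dict, stopping at the empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def normalize(addr):
    """Lower-case an address and drop surrounding angle brackets."""
    return addr.strip().strip("<>").lower()

def decide(attrs):
    """Return the access action for one RCPT TO."""
    sender = normalize(attrs.get("sender", ""))
    recipient = normalize(attrs.get("recipient", ""))
    # A bounce to an address that never sent anything answers a forged message.
    if sender == "" and recipient in NEVER_SENDERS:
        return "REJECT Bounce for an address that never sends mail"
    # Everything else (ordinary mail, bounces to real senders) is left
    # to the remaining restrictions.
    return "DUNNO"

def respond(request_text):
    """Format the reply the policy protocol expects: action line, empty line."""
    return "action=%s\n\n" % decide(parse_request(request_text))

if __name__ == "__main__":
    buf = []
    for line in sys.stdin:  # one request per empty-line-terminated block
        buf.append(line)
        if line == "\n":
            sys.stdout.write(respond("".join(buf)))
            sys.stdout.flush()
            buf = []
```

Only bounces carrying the null envelope sender are matched; ordinary mail to the same addresses, including forwarded mail, still gets `DUNNO` and is handled by the rest of the configuration.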

