[Dovecot] help on writing a rule for perventing spam
mouss
mouss at ml.netoyen.net
Sat Jan 24 22:45:20 EET 2009
Giuliano Gavazzi a écrit :
>
> On T 22 Jan, 2009, at 11:49 , Charles Marcus wrote:
>
>> On 1/21/2009, Giuliano Gavazzi (dev+lists at humph.com) wrote:
>>>> The postfix backscatter readme is a good start, esppecially is you are
>>>> using postfix - and if you aren't, why aren't you? ;) ... but the
>>>> concepts can be applied to any MTA...
>>
>>> I don't use postfix, because I use exim...
>>
>> And as I said... the CONCEPTS can be applied to ANY MTA...
>
>
> well, first of all backscatter is not really the issue of this thread.
agreed.
> Secondly the concepts are not all that good.
They are ;-p
> In particular the one
> entitled:
>
> Blocking backscatter mail with forged sender information
>
> that states:
>
> "Like many people I still have a few email addresses in domains that I
> used in the past. Mail for those addresses is forwarded to my current
> address. Most of the backscatter mail that I get claims to be sent from
> these addresses. Such mail is obviously forged and is very easy to stop."
> From what I understand he is rejecting backscatter that is sent to some
> of his old addresses (with an identical forged sender,
Note the "from" in "claims to be sent FROM...".
> but this is
> irrelevant) and from there forwarded to his mail server. Very bad. If
> you have configured forwarding somewhere you must be prepared to accept
> anything from there, or else you will be the cause of backscatter as the
> peer server is a genuine server and not a spambot.
you misunderstooood ;-p
the idea is:
if I get a bounce caused by a message sent with joe at example.com as
sender, and I know joe at example.com is never used as a sender (because I
own that address and I don't use it as a sender), then I can block the
message.
here's another example. while my Reply-To is set to
mouss+nobulk at netoyen.net, I don't use this address in From: or envelope
sender. so if someone bounces a mail supposedly sent from this address,
_I_ know the "original" message was a forgery and I can reject the bounce.
> [snip]
More information about the dovecot
mailing list