From: KPJ (kpj@sics.se)
Date: Mon May 20 2002 - 07:26:15 MDT
It appears as if Robert J. Bradbury <bradbury@aeiveos.com> wrote:
|
|On Sun, 19 May 2002, Christian Weisgerber wrote:
|
|> I advise against bouncing spam. The bounce will not get back to
|> the spammer. It may be undeliverable, just disappear somewhere,
|> or end up at another victim.
|
|As I understand it -- if sendmail is sending to procmail and
|the procmail fails (due to the SpamBouncer restrictions) it notifies
|the sender immediately (during the send process) and they receive
|a transmission failure notice in the error 500/501 class.
|So a "bounce" is different from a "return" to the return
|address (which they ignore). It is instead rejected at
|the sending level. If spamers are "intelligent" (no assertions
|that that is the case) then they should cease sending to
|systems that bounce at this level because it is a waste
|of their resources.
Spammers don't send directly from their own site: they send through relay
sites, and most of the relays don't have any postmaster/abuse department
looking at bounce messages.
A temporary failure (code 4xx) will make the stuff pile up at the relay site.
A permanent failure (code 5xx) will trigger the return-to-sender (depeding on
you site, sendmail either sends a message to the faked return-address or to
the `Errors-To:' clause). In any case, the bounce message will not reach the
spammer, but becomes somebody else's problem.
I suggest the nasty 4xx version: "Sorry, can't take it at this time, but try
again later." You site won't have to deal with the thrash, but the relay
will notice the diminishing disk space, and will probablt even do something
about the problem.
That, and telling the relay about the errors of their ways, might help.
Here is a template a complain letter (fill in with relevant stuff instead of
the <BLA BLA> tags):
-=--=--=--=--=- 8< =--=--=--=--=--=--=--=- 8< =--=--=--=--=--=--=- 8< =--=--=-
To: postmaster@<RELAY>, abuse@<RELAY>,
postmaster@<ISP>, abuse@<ISP>
cc: postmaster@<YOUR SITE>
From: <WHOEVER>
Subject: SPAM: [<IP NUMBER>]:<COUNT>
X-Message-Flag: "SPAM complaint"
--------
Hello.
We received unsolicited e-mail ("SPAM") from your site (see Appendix).
Read the parts marked [X] below:
[ ] Your site have been added to our list of sites which we refuse
to accept connections from. Bye.
[ ] Your site appears to be the source of the e-mail. Stop it.
We do not wish to receive such e-mail in the future. If you
continue to send them, we will turn off any connections from
your network in our router. We will also inform the owners
of any forged e-mail address and/or domains used in the e-mails.
They will undoubtly wish to take action against your organization.
If you continue to send SPAM to us, we will have to add your network
to our list of sites which we refuse to accept connections from.
[X] Your site appears to allow e-mail relaying. Stop it, please.
If your mail server allows anybody on the Internet to relay e-mail
through your site, it means that your site's resources (CPU time
and disk space) will be used by others to send unsolicited e-mail
to rest of the world. You will receive countless complaints from
people who receive these e-mails, as they believe you sent them
the e-mails. Your organization will lose goodwill.
If you want more info about this and other e-mail problems, point your
web browser at
http://www.sendmail.org/
Regards,
/<WHOEVER>
<SIGNATURE>
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
A P P E N D I X. U n s o l i c i t e d e - m a i l
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
<THE COMPLETE SPAM MESSAGE, ESP. THE HEADERS>
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
-=--=--=--=--=- 8< =--=--=--=--=--=--=--=- 8< =--=--=--=--=--=--=- 8< =--=--=-
Oh yes, lots of idi.. uhm, mail server people use Outlook/Exchange servers,
and they need hand holding. Fortunately, even M:cros-ft has noticed that
their software does not work well without some tweaking, so their exists a
web page on how to make their software follow the RFC's.
Death to spam!
This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 09:14:13 MST