[SLL] back scatter?
Bill Campbell
bill at celestial.com
Tue May 13 12:36:59 PDT 2008
On Tue, May 13, 2008, billw at onedrous.org wrote:
>Spam on my mail host shot up recently with undeliverable mail, mail sent
>with my email address on the from: line, but, of course, not sent by me.
>
>I was reading freedom-to-tinker.com yesterday and learned that the
>phenomenon is known as backscatter, and that there are good plugins that
>will drop bounces if they didn't originate on my mta.
>
>How are folks on this list dealing with this problem?
Funny you should mention that. Saturday morning I found a metric
tonne of backscatter to my support address (which is completely
unfiltered) from somebody's forged spam run. It lasted about a
day, then went away without any action on my part.
The spam runs normally are sent out via botnets of infected
Windows machines, so there is no specific header that one can use
for filtering other than ``From:'' or ``Sender'' headers with
your address in them, and that don't originate from your site.
The only way I know to minimize problems with this sort of thing
is to use procmail or similar MDA (Mail Delivery Agent) to send
them to /dev/null, or perhaps to route them to an IMAP folder
that may be quickly scanned for subject. One can nuke anything
with ``Barracuda'' in the messages From: address as their default
was to bounce spam back to the forged sender address.
Bill
--
INTERNET: bill at celestial.com Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
Voice: (206) 236-1676 Mercer Island, WA 98040-0820
Fax: (206) 232-9186
Many citizens because of their respect for what only appears to be a law
are cunningly coerced into waiving their rights due to ignorance.
-- U.S. v. Minker
More information about the linux-list
mailing list