[Mimedefang] Dealing with backscatter
rlaager at wiktel.com
Tue Aug 28 13:57:39 EDT 2007
On Sun, 2007-08-26 at 12:58 -0700, Kenneth Porter wrote:
> What's the current best practice on dealing with backscatter? Esp. if not
> all outbound mail for your domain goes through your own server. (Eg. some
> mobile users use their local ISP instead of authenticated SMTP.) Any good
> MD recipes for this?

This is from memory. I can dig up the code to answer questions more
specifically, if anyone is interested.

For messages leaving through our servers, we add a tag with a hash of
the sender, timestamp, and a secret (or something like that).

We have a bit in the database to indicate if a domain is supposed to
have all of its mail go through our mail servers. When that bit is set
to zero, we do no filtering.

If it's set to one, we do something that roughly amounts to this for
messages coming from the null sender.

1. Check the subject for known "false positives". If hit, we accept the
message. A number of websites send e-mail (e-cards and the like) from
the null sender.

2. Check the subject for known "bounce message" strings. If hit, we drop
the message unless it has a valid hash in it.

For everything else, we apply SpamAssassin with a threshold of 5 or so
and let it make the decision.
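
The decision flow described in the message above, as an added Perl sketch; it is not the poster's code and not part of MIMEDefang. Assumptions: the tag travels in a hypothetical `X-Demo-Tag` header that comes back inside the bounce body, the hash is an HMAC-SHA256 truncated to 20 hex digits, tags expire after 7 days, and the subject patterns, secret and sample messages are constructed.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

my $SECRET  = 'constructed-demo-secret';  # assumption: one site-wide secret
my $MAX_AGE = 7 * 24 * 3600;              # assumption: tags expire after 7 days
my @FALSE_POSITIVE = (qr/e-?card/i);      # constructed subject patterns
my @BOUNCE = (qr/undeliver/i, qr/delivery (?:status|failure)/i, qr/returned mail/i);

# Outbound: tag = timestamp plus truncated HMAC over sender and timestamp.
sub make_tag {
    my ($sender, $ts) = @_;
    return "$ts-" . substr(hmac_sha256_hex(lc($sender) . "|$ts", $SECRET), 0, 20);
}

# Comparison whose running time does not depend on where the strings differ.
sub const_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Inbound: a bounce is addressed to the original sender, so recompute with the recipient.
sub has_valid_tag {
    my ($recipient, $body, $now) = @_;
    while ($body =~ /^X-Demo-Tag:\s*(\d+)-([0-9a-f]{20})\s*$/mg) {
        my ($ts, $mac) = ($1, $2);
        next if $ts > $now || $now - $ts > $MAX_AGE;   # future-dated or expired
        return 1 if const_eq(make_tag($recipient, $ts), "$ts-$mac");
    }
    return 0;
}

# Policy for a message from the null sender; $all_mail_via_us is the per-domain bit.
sub null_sender_action {
    my ($all_mail_via_us, $recipient, $subject, $body, $now) = @_;
    return 'no-filtering' unless $all_mail_via_us;
    return 'accept' if grep { $subject =~ $_ } @FALSE_POSITIVE;
    return has_valid_tag($recipient, $body, $now) ? 'accept' : 'drop'
        if grep { $subject =~ $_ } @BOUNCE;
    return 'spamassassin';                # "threshold of 5 or so", per the post
}

my $now  = 1188300000;                    # constructed clock value
my $good = "Delivery failed.\n\nX-Demo-Tag: " . make_tag('alice@example.com', $now - 3600) . "\n";
my $fake = "Delivery failed.\n\nX-Demo-Tag: 1188290000-" . ('0' x 20) . "\n";
for my $c ([1, 'Undeliverable: hi', $good], [1, 'Undeliverable: hi', $fake],
           [1, 'You have received an e-card', ''], [1, 'Hello', ''], [0, 'Returned mail', ''])
{
    printf "%-30s => %s\n", $c->[1], null_sender_action($c->[0], 'alice@example.com', @$c[1, 2], $now);
}
```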