I understand...we got those NDRs as well until
we set it up this way.
Darin.
----- Original Message -----
Sent: Wednesday, June 02, 2004 1:49 PM
Subject: Re: [Declude.Virus] Bounces to encrypted zips
Thanks Darin, but these are NDR's that are being generated by my
own system. My postmaster account is well protected from spam and we do
monitor for false positives, in fact I have about 60 or so domains with abuse,
root and postmaster aliases pointed at the same account and I can't recall the
last piece of spam that it got, nor the last false positive. The only real
E-mail it receives is from these NDR's, auto-replies to NDR's, or personal
messages from people telling me that they never sent me the message, i.e.
"I didn't send a msg to this recipient. Do I have a virus using my
address book?"
Note that I try to send apologies when I get
stuff like this, but I'm not always timely. Thankfully I only see about
one of these or less a week, but I do get close to 300 bounces/NDR's during the
same period and it makes my postmaster account pretty much unusable. I
suppose that I could move it to a different account and kill the messages, but
I'm less concerned about myself than I am about those that are getting these
messages. Before March and the appearance of ZIP-EXE's, the only
bounces/NDR's that this account got were from new undetected viruses during the
first few hours of an outbreak and with Declude's new vulnerability detection,
they should be much less common now.
Matt
Darin Cox wrote:
Hi Matt,
Here's how we handled the issue.
Set postmaster and abuse aliases to forward to a
monitor account. The monitor account has a vacation message set to tell
the sender that this account is not monitored, and to forward to another
reporting account. The reporting account then gets delivered to support
personnel.
This way we avoid the spam content that slips
through to these common accounts, and don't get swamped with NDRs from forging
viruses.
Obviously this means we have to be more careful
about real NDRs, or other problems, but we monitor our logs to protect
against that.
Darin.
----- Original Message -----
Sent: Wednesday, June 02, 2004 12:41 PM
Subject: [Declude.Virus] Bounces to encrypted zips
Yesterday my postmaster account got 32 NDR's from my system and
others, and 1 auto-reply. 31 of these 33 messages were from ZIP-EXE's
and RAR-EXE's. I have no clue as to how many of these bounces are for
ZIP-EXE's that are accepted because my log doesn't provide enough information
for me to tell, but I suspect that the real number is one to two times more
than what's getting bounced back at me, though I could be way off. The
messages that are getting bounced back/NDR'd are generally to addresses that
are parsed incorrectly by the virus, such as the ones that Netsky rips from
Message-ID's.
Here's the worst part of this all...18 of the 33
messages were received from NDR's to domains belonging to my own customers
(or close approximations thereof), and one was from one of my own
customer's auto-replies. I again have no clue as to how many
actually got delivered, but this is definitely a big problem and it causes
confusion. Yesterday was, if anything, a below normal day for NDR's to my
postmaster account.
Please, please, please...I need a solution to
this. I don't know what to do apart from possibly creating a program
alias that parses BanNotify.eml bounce and then creates a new bounce message,
but this level of programming is beyond my immediate skill. IMail rules
don't work because of the way these messages are hooked into the system.
All I really want to do is turn bounces for encrypted archives off (both ZIP's
and RAR's). I've been asking for three months now, and I need to know if
this is going to be resolved soon or if I am going to have to get someone to
program this for me. I view this as a very serious problem and it's bad
enough that I already receive 1.5% of my total traffic from Joe-Job and AV
NDR's without contributing to it with my own system.
Thanks,
Matt
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================