Paul Schmehl <[EMAIL PROTECTED]> escribió:
--On Thursday, October 16, 2008 09:01:02 -0500 [EMAIL PROTECTED] wrote:
In the last hour, I've received over 200 legitimate bounce messages
from email services as a result of someone having used or worse is
using my email address in spam from multiple windows machines and ip
addresses. The end result is that I am getting the bounce messages.
I'm sure that others on this list have experienced the problem and
maybe have a solution that I don't have.
The messages are allowed through my obspamd/pf and pf smtp bruteforce
blocking rules because they are completely legit.
I guess the work around is to filter them on incoming together with
our local bounce messaages util the spammers get tired of my address.
We call those "bounceback spam". The only solution that I know of
is to tag all outgoing messages with a special header and then check
for that header on all returns and reject those that don't contain
the header. All legitimate bounces would contain the header because
they originated with your MTA.
E.g. X-Bounceback-Check: 0987923874
I have added headers for years but unfortunately these didn't
originate on my servers. My email address was used as the return
address for spam sent from multiple windows machines to .ru addresses.
Thanks for the suggestion, Paul.
ed
The value of the header can be anything you want it to be, and you
can change it periodically if you want to keep statistical data.
--
Paul Schmehl ([EMAIL PROTECTED])
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
