Re: Rejection text
Will Nordmeyer wrote: > > On Wed, 12 Jul 2006, Paul Dudley wrote: >If we decide to reject low grade spam messages rather than >quarantine them, is it possible to add text to the body of the >rejection message? > > Rejecting (bouncing) spam is utterly pointless, as 99% of it will >have > > forged sender information. You will either be sending your notice >to a > > nonexistent address, in which case you get yet more useless traffic back to your server in the form of a bounce of your bounce, or your notice will go to some innocent third party, possibly contributing >to > > an effective DDoS against their email account. -- >>I thought this was about having the MTA saying "555 we dont want that >> >> >spam" at the > > >>end of data phase . >>Whether it can be done at all, and whether the message can be >> >> >changed, depends on the MTA > > >>rather than SA >> >>Wolfgang Hamann >> >> >> >Since MOST (if not all, these days) SPAM comes from invalid/forged >addresses, doesn't that just bog down the email system with SPAM reject >bounces bouncing back to you reporting that the address you were >telling we rejected your SPAM is invalid? > >(I had a user who had a 3rd party program that he'd do that with - I >asked him to stop because when he'd do it, it'd bog down my email >with "invalid recipient" type emails since the person he >was "notifying" was an invalid address). > > Thankfully there are fewer open relays each day, and hence if you reject the message as it's being sent, then the sender is the spammer, and he will know he is failing. With any luck, he might even remove you from the list of addresses that he will try to spam in the future. -Philip
Re: Rejection text
On Wednesday 12 July 2006 06:16, John D. Hardin took the opportunity to write: > Rejecting (bouncing) spam Isn't there any sort of consensus about the terminology? I like to say that "reject" means giving a negative (permanent (5xx) or temporary (4xx)) reply to a command, whereas "bounce" means composing and sending an "undeliverable mail" notification message. Unfortunately RFC 2821 doesn't define the terms. The word "reject" is generally used in the "negative reply" sense, but section 2.4 says "Delivery SMTP systems MAY reject ('bounce') such messages rather than deliver them". THe word "bounce" is used three times in all. The more formal term (though it's not listed in the Terminology section is "to send a notification message", but that is so long... -- Magnus Holmgren[EMAIL PROTECTED] (No Cc of list mail needed, thanks) pgp1PSe9MQwMm.pgp Description: PGP signature
Re: Rejection text
On Wed, 12 Jul 2006, Paul Dudley wrote: > We are using SA 3.0.4. > > If we decide to reject low grade spam messages rather than quarantine > them, is it possible to add text to the body of the rejection message? > > Paul Dudley Assuming you are talking about a true SMTP-reject operation, no. You cannot modify the message as you've not accepted it, so it's not yours to modify. You can customize the SMTP-reject error text but there's no guarantee that the originating sender will actually see it. For example, in the case of Outlook with Exchange, M$ will "balderize" the message and remove any useful info you try to add to the error message. If you do a SMTP-accept of the message and then try to bounce it back to the purported sender, you can make it say anything your heart desires. However as others have already pointed out this is a 'BAD-THING(tm)' to do. Dave -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527 #include Better is not better, 'standard' is better. B{
Re: Rejection text
On 12 Jul 2006 [EMAIL PROTECTED] wrote: > >> On Wed, 12 Jul 2006, Paul Dudley wrote: > >> > >> > If we decide to reject low grade spam messages rather than > >> > quarantine them, is it possible to add text to the body of the > >> > rejection message? > >> > >> Rejecting (bouncing) spam is utterly pointless, as 99% of it will have > >> forged sender information. > > I thought this was about having the MTA saying "555 we dont want > that spam" at the end of data phase . We're operating from different assumptions. An SMTP reject is okay, a bounce message reject is not. Note, however, that this may simply be mving the DDoS amplifier from your mail server to whatever mail server is trying to deliver the message to you. *That* server (assuming it's not a spambot) may send a bounce notice to the forged sender address... -- John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Insofar as the police deter by their presence, they are very, very good. Criminals take great pains not to commit a crime in front of them.-- Jeffrey Snyder --- 12 days until The 37th anniversary of Apollo 11 landing on the Moon
Re: Rejection text
On Wed, 12 Jul 2006 [EMAIL PROTECTED] wrote: > "John D. Hardin" <[EMAIL PROTECTED]> wrote on 12/07/2006 02:16:49 PM: > > > On Wed, 12 Jul 2006, Paul Dudley wrote: > > > > > If we decide to reject low grade spam messages rather than > > > quarantine them, is it possible to add text to the body of the > > > rejection message? > > > > Rejecting (bouncing) spam is utterly pointless, as 99% of it will have > > forged sender information. You will either be sending your notice to a > > nonexistent address, in which case you get yet more useless traffic > > back to your server in the form of a bounce of your bounce, or your > > notice will go to some innocent third party, possibly contributing to > > an effective DDoS against their email account. > > What about rejection of the message during message processing? > Sending back an SMTP error code rather than generation of a > completely new bounce message? Sendmail milter with Mimedefang etc > allows you to do this. That's probably okay as you're still talking to the sending relay and not relying on a probably-forged header. In fact, it would help troubleshooting in certain situations. -- John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Insofar as the police deter by their presence, they are very, very good. Criminals take great pains not to commit a crime in front of them.-- Jeffrey Snyder --- 12 days until The 37th anniversary of Apollo 11 landing on the Moon
Re: Rejection text
> >> On Wed, 12 Jul 2006, Paul Dudley wrote: > >> > >> > If we decide to reject low grade spam messages rather than > >> > quarantine them, is it possible to add text to the body of the > >> > rejection message? > >> > >> Rejecting (bouncing) spam is utterly pointless, as 99% of it will have > >> forged sender information. You will either be sending your notice to a > >> nonexistent address, in which case you get yet more useless traffic > >> back to your server in the form of a bounce of your bounce, or your > >> notice will go to some innocent third party, possibly contributing to > >> an effective DDoS against their email account. > >> > >> -- > > I thought this was about having the MTA saying "555 we dont want that spam" at the > end of data phase . > Whether it can be done at all, and whether the message can be changed, depends on the MTA > rather than SA > > Wolfgang Hamann > Since MOST (if not all, these days) SPAM comes from invalid/forged addresses, doesn't that just bog down the email system with SPAM reject bounces bouncing back to you reporting that the address you were telling we rejected your SPAM is invalid? (I had a user who had a 3rd party program that he'd do that with - I asked him to stop because when he'd do it, it'd bog down my email with "invalid recipient" type emails since the person he was "notifying" was an invalid address).
Re: Rejection text
>> On Wed, 12 Jul 2006, Paul Dudley wrote: >> >> > If we decide to reject low grade spam messages rather than >> > quarantine them, is it possible to add text to the body of the >> > rejection message? >> >> Rejecting (bouncing) spam is utterly pointless, as 99% of it will have >> forged sender information. You will either be sending your notice to a >> nonexistent address, in which case you get yet more useless traffic >> back to your server in the form of a bounce of your bounce, or your >> notice will go to some innocent third party, possibly contributing to >> an effective DDoS against their email account. >> >> -- I thought this was about having the MTA saying "555 we dont want that spam" at the end of data phase . Whether it can be done at all, and whether the message can be changed, depends on the MTA rather than SA Wolfgang Hamann
Re: Rejection text
"John D. Hardin" <[EMAIL PROTECTED]> wrote on 12/07/2006 02:16:49 PM: > On Wed, 12 Jul 2006, Paul Dudley wrote: > > > If we decide to reject low grade spam messages rather than > > quarantine them, is it possible to add text to the body of the > > rejection message? > > Rejecting (bouncing) spam is utterly pointless, as 99% of it will have > forged sender information. You will either be sending your notice to a > nonexistent address, in which case you get yet more useless traffic > back to your server in the form of a bounce of your bounce, or your > notice will go to some innocent third party, possibly contributing to > an effective DDoS against their email account. What about rejection of the message during message processing? Sending back an SMTP error code rather than generation of a completely new bounce message? Sendmail milter with Mimedefang etc allows you to do this. Cheers, Aaron > > -- > John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/ > [EMAIL PROTECTED]FALaholic #11174pgpk -a [EMAIL PROTECTED] > key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 > --- > A weapons registration phase ... 4) allows for a degree of control > to be exercised during the collection phase; 5) assists in the > planning of the collection phase; ... > -- the UN, who "doesn't want to confiscate guns" > --- > 13 days until The 37th anniversary of Apollo 11 landing on the Moon >
Re: Rejection text
On Wed, 12 Jul 2006, Paul Dudley wrote: > If we decide to reject low grade spam messages rather than > quarantine them, is it possible to add text to the body of the > rejection message? Rejecting (bouncing) spam is utterly pointless, as 99% of it will have forged sender information. You will either be sending your notice to a nonexistent address, in which case you get yet more useless traffic back to your server in the form of a bounce of your bounce, or your notice will go to some innocent third party, possibly contributing to an effective DDoS against their email account. -- John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- A weapons registration phase ... 4) allows for a degree of control to be exercised during the collection phase; 5) assists in the planning of the collection phase; ... -- the UN, who "doesn't want to confiscate guns" --- 13 days until The 37th anniversary of Apollo 11 landing on the Moon
Rejection text
We are using SA 3.0.4. If we decide to reject low grade spam messages rather than quarantine them, is it possible to add text to the body of the rejection message? Paul Dudley ANL IT Operations Dept. ANL Container Line [EMAIL PROTECTED] ANL DISCLAIMER This e-mail and any file attached is confidential, and intended solely to the named addressees. Any unauthorised dissemination or use is strictly prohibited. If you received this e-mail in error, please immediately notify the sender by return e-mail from your system. Please do not copy, use or make reference to it for any purpose, or disclose its contents to any person.