On Mon, April 28, 2008 05:00, [EMAIL PROTECTED] wrote: > > Gilbert> We are currently getting alot of this notifications of > Gilbert> non-delivery that are spam. Is there a patch for this or one > on > Gilbert> the way by chance? > > Just train on them as spams. There is no patch necessary.
On a sidenote: at work we are getting a lot of NDR backscatter too. Technically it's not spam, but it's just as bad. The good news is that these NDR's are only sent to our old mail domains, and we are gong to delete those MX records in a couple of days. But in a few months the spammers will learn the new domain... In the old days, you had to change email addresses when you got too much spam. Now you already have to change your entire domain to avoid spam... :( I've been reading a lot in RFC2821 & RFC2822 lately, and now I can speak SMTP fluently. Not many people know this, but it is *extremely* trivial to fake the sender address. Want to know why you get backscatter? * spammers spams a site with fake sender address (your address) * a GOOD mail server refuses the mail inside the SMTP connection, preferably before DATA, at least before putting it in the queue. That way the real spammer gets the bounce. * If the good mail server isn't sure, it accepts the mail, and if it turns out to be spam after all, it silently drops it (like spambayes does). * a BAD mail server (some exchange configurations, also some qmail configs) accepts the mail, puts it in the queue, and closes the SMTP connection. * The bad mail server then sees that the mail is spam, and bounces it. But to where? The SMTP connection, which cannot be forged, is already closed. So it can only rely on the From: header. Which is of course forged. Which is why you get backscatter. Fortunately the NDR backscatter usually stops after 24-48 hours. Either because the spammer is shut down, or because the bad bouncer is shut down by its internet provider. I'm not sure who the bad bouncers are: stupid mail admins who don't know how to properly configure their servers, or accomplices of the spammers who intentionally bounce? Usually Hanlon's Razor applies but in case of spam it might be an inverse Razor... -- Amedee Van Gasse [EMAIL PROTECTED] Disclaimer: By sending an email to ANY of my addresses you are agreeing that: 1. I am by definition, "the intended recipient" 2. All information in the email is mine to do with as I see fit and make such financial profit, political mileage, or good joke as it lends itself to. In particular, I may quote it on usenet. 3. I may take the contents as representing the views of your company. 4. This overrides any disclaimer or statement of confidentiality that may be included on your message. _______________________________________________ [email protected] http://mail.python.org/mailman/listinfo/spambayes Info/Unsubscribe: http://mail.python.org/mailman/listinfo/spambayes Check the FAQ before asking: http://spambayes.sf.net/faq.html
