Can DCC reject mailed-back non-delivery reports?

Vernon Schryver vjs@calcite.rhyolite.com
Mon Aug 27 18:24:13 UTC 2007


> From: Gary Mills 

> We've had a couple of incidents where people's mailboxes have been
> inundated with backscatter because spammers have been forging their
> e-mail address as the sender of spam.  I'm ready to reject all mailed-
> back non-delivery reports, if sendmail could do that, 

In early August my mailbox was hit by up to 1000 backscatter per day 
mostly from Russia and Ukrainian but more than enough from France and
some other usual suspects.

I can't bring myself to reject all SMTP non-delivery reports (NDRs),
because someday one might be valid.  I don't want to reject all mail
from postmaster@ .ru and the other frequently abusive top level domains
because I get occassional legitimate mail from people there using
postmaster return addresses.

However, I have controlled the problem to fewer than half a dozen
per day.  by addeing rules to the .procmailrc file that deals with
backscatter from that junk whose vendors (plural) all seem claim
to be The Industry Leader:

    ISSPAM="/usr/local/bin/dccproc -t many -x0 -R -wwhiteclnt"

    ...

    # Russian and Chinese backscatter
    :0 Hf
    * ^From: .*postmaster@.*\.(ru|ua|su|bg|ee)([> ]|$)
    | $ISSPAM
    :0 HBf
    * ^Subject: .*=\?(windows-1251|koi8-r|GB2312|utf-8)
    | $ISSPAM
    :0 Hf
    * ^Subject: (Return receipt)|(Delivery Status Notification)
    | $ISSPAM
    :0 Hf
    * ^Auto-Submitted: 
    | $ISSPAM
    :0 Bf
    * ^Content-type: .*charset=koi8-r
    | $ISSPAM

The result is that the messages are delivered after being reported
as spam, often more than once because the messages often have
unintelligible (for me) internationalized Subject: lines as well
as return addresses of postmaster@*.ua and so forth.  That increases
the DCC Reputation of the sending IP addresses which tends to largely
control the problem.  I add hopeless cases to the Rhyolite Software
List of Unwelcome Domain Names visible at
http://www.rhyolite.com/anti-spam/bin/group.cgi?group=522
that is part of the sendmail access_db I use.


>                                                       but I'm wondering
> if DCC has a way to do it.  Perhaps DCC could be more selective.

> When the message is delivered here, the interesting headers are:
>
>     Return-Path: MAILER-DAEMON@cc.umanitoba.ca
>     From: Mail Delivery Subsystem <MAILER-DAEMON@smtp08.msg.oleane.net>
>     Message-Id: <200708211700.l7LH0N1O005470@smtp08.msg.oleane.net>
>     MIME-Version: 1.0
>     Content-Type: multipart/report; report-type=delivery-status;
>             boundary="l7LH0N1O005470.1187715623/smtp08.msg.oleane.net"
>     Subject: Returned mail: see transcript for details
>     Auto-Submitted: auto-generated (failure)
>     X-DCC-UofM-Metrics: electra 1033; Body=1 Fuz1=1 Fuz2=1
>
> Is there anything here that DCC can grab onto?

Dccm could use any any of those except the X-DCC header to mark the
message as bulk, but at the possible cost of not receiving legitimate
NDRs.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.