spam to postmaster

classic Classic list List threaded Threaded
14 messages Options
Reply | Threaded
Open this post in threaded view
|

spam to postmaster

Reindl Harald-2
am i th eonly one currently receiving a ton of spam with all
sorts of "job vacation" to my postmaster-account all day long?

different sender-IPs so abuse to the providr will not help
much, problem here is via RFC postmaster must not be filtered
and so the spamfirewall does not help in any way

how do other people act with such braindead sh**t?


signature.asc (270 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: spam to postmaster

Peter Blair-3
On Fri, Feb 17, 2012 at 3:54 PM, Reindl Harald <[hidden email]> wrote:
> how do other people act with such braindead sh**t?

Look into greylisting it.  You'll find that greylisting could very
well deal with most of the bots that things like zen.spamhaus.org
would normally deal with.  And strictly speaking, you're not filtering
it -- just making a policy decision to not accept the transaction
before the DATA section ;)
Reply | Threaded
Open this post in threaded view
|

Re: spam to postmaster

/dev/rob0
On Fri, Feb 17, 2012 at 03:59:22PM -0500, Peter Blair wrote:
> On Fri, Feb 17, 2012 at 3:54 PM, Reindl Harald
> <[hidden email]> wrote:
> > how do other people act with such braindead sh**t?
>
> Look into greylisting it.  You'll find that greylisting could very
> well deal with most of the bots that things like zen.spamhaus.org
> would normally deal with.  And strictly speaking, you're not
> filtering it -- just making a policy decision to not accept the
> transaction before the DATA section ;)

Personally I do not consider strict RFC interpretation to be worth
more than the time it takes to sort through the garbage. All my mail
is subjected to Zen and BRBL blockage (with DNSWL and SWL exceptions
allowed.) Very little spam here since I decided to do that. (Most of
what does get through is to the postmaster addresses, however.)

postscreen/smtpd_reject_footer is a safety net. A real sender can
view that and figure out alternate means of contact. That has not
happened in the time since smtpd_reject_footer was implemented here.

I'd much rather give someone a rejection, than accept their mail and
miss it in a flood of spam.
--
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Reply | Threaded
Open this post in threaded view
|

Re: spam to postmaster

Reindl Harald-2
In reply to this post by Peter Blair-3


Am 17.02.2012 21:59, schrieb Peter Blair:
> On Fri, Feb 17, 2012 at 3:54 PM, Reindl Harald <[hidden email]> wrote:
>> how do other people act with such braindead sh**t?
>
> Look into greylisting it.  You'll find that greylisting could very
> well deal with most of the bots that things like zen.spamhaus.org
> would normally deal with.  And strictly speaking, you're not filtering
> it -- just making a policy decision to not accept the transaction
> before the DATA section ;)

barracuda Spamfirewall does filtering ow whitelisting
noting between

what i do not understand is how fucking stupid
people are spamming to postmaster/abuse-addresses


signature.asc (270 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: spam to postmaster

Simon Brereton-2


On Feb 17, 2012 6:14 PM, "Reindl Harald" <[hidden email]> wrote:
>
>
>
> Am 17.02.2012 21:59, schrieb Peter Blair:
> > On Fri, Feb 17, 2012 at 3:54 PM, Reindl Harald <[hidden email]> wrote:
> >> how do other people act with such braindead sh**t?
> >
> > Look into greylisting it.  You'll find that greylisting could very
> > well deal with most of the bots that things like zen.spamhaus.org
> > would normally deal with.  And strictly speaking, you're not filtering
> > it -- just making a policy decision to not accept the transaction
> > before the DATA section ;)
>
> barracuda Spamfirewall does filtering ow whitelisting
> noting between
>
> what i do not understand is how fucking stupid
> people are spamming to postmaster/abuse-addresses

Because it's one address guaranteed to see it?

Reply | Threaded
Open this post in threaded view
|

Re: spam to postmaster

Reindl Harald-2


Am 18.02.2012 00:17, schrieb Simon Brereton:

>
> On Feb 17, 2012 6:14 PM, "Reindl Harald" <[hidden email] <mailto:[hidden email]>> wrote:
>>
>>
>>
>> Am 17.02.2012 21:59, schrieb Peter Blair:
>> > On Fri, Feb 17, 2012 at 3:54 PM, Reindl Harald <[hidden email] <mailto:[hidden email]>> wrote:
>> >> how do other people act with such braindead sh**t?
>> >
>> > Look into greylisting it.  You'll find that greylisting could very
>> > well deal with most of the bots that things like zen.spamhaus.org <http://zen.spamhaus.org>
>> > would normally deal with.  And strictly speaking, you're not filtering
>> > it -- just making a policy decision to not accept the transaction
>> > before the DATA section ;)
>>
>> barracuda Spamfirewall does filtering ow whitelisting
>> noting between
>>
>> what i do not understand is how fucking stupid
>> people are spamming to postmaster/abuse-addresses
>
> Because it's one address guaranteed to see it?
but usually this exactly the person controls spamfilters
and notifies providers about abuse - so no it is not smart
making noise to the postmaster


signature.asc (270 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: spam to postmaster

dennisthetiger
In reply to this post by Reindl Harald-2
On Sat, 18 Feb 2012, Reindl Harald wrote:

> what i do not understand is how f^&%@#!!$ stupid
> people are spamming to postmaster/abuse-addresses

(bowdlerized for comical effect -ed)

As near as I can tell, the spammers just run under a few assumptions.  RFC
requires one to maintain those addresses and have them point to a
human-readable address, and with this assumption they are considered
viable recipient addresses.

Granted, back in the day, we actually *used* these addresses for the
purpose, but due to this they've become mostly useless in my opinion.

As to why these people would be so stupid to do this, well, consider a
spammer. =(

-Dennis

Reply | Threaded
Open this post in threaded view
|

Re: spam to postmaster

dennisthetiger
In reply to this post by Reindl Harald-2
On Sat, 18 Feb 2012, Reindl Harald wrote:

> what i do not understand is how &%#^%$@!! stupid
> people are spamming to postmaster/abuse-addresses

Oh.  One other thing - they don't care.  There is no courtesy.  They don't
care if you scream at them, yell at them, because people are paying them
to do this shite, and all they gotta do is conjure up a list of email
addresses.  Even if they're all here on chez-vrolet.net, they just have to
conjure up a list of email addresses and bombard the entire lot.

What amuses me, if anything, is that they think we're angry because we
don't make the money they do.  Personally, I just dislike them because I
don't want their garbage in my email, let alone just press "delete".  I
have better things to do with my time.  But that's just me steering off
topic - sorry.

-Dennis

Reply | Threaded
Open this post in threaded view
|

Re: spam to postmaster

Reindl Harald-2


Am 18.02.2012 02:46, schrieb Dennis Carr:
> On Sat, 18 Feb 2012, Reindl Harald wrote:
>
>> what i do not understand is how &%#^%$@!! stupid
>> people are spamming to postmaster/abuse-addresses
>
> Oh.  One other thing - they don't care.  There is no courtesy.  They don't care if you scream at them, yell at
> them, because people are paying them to do this shite, and all they gotta do is conjure up a list of email
> addresses.  Even if they're all here on chez-vrolet.net, they just have to conjure up a list of email addresses and
> bombard the entire lot.

what i do not understand is that i get three days the same idiot spam mail
about administration part-time job for 3000$ per month to always the
same post-master address in exactly 3 different variants

guess it is the best to setup a sieve-filter trahsing this diretly
on the server by exact subject....


signature.asc (270 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: spam to postmaster

Ramprasad-5
In reply to this post by /dev/rob0
On Fri, 2012-02-17 at 15:49 -0600, /dev/rob0 wrote:

> On Fri, Feb 17, 2012 at 03:59:22PM -0500, Peter Blair wrote:
> > On Fri, Feb 17, 2012 at 3:54 PM, Reindl Harald
> > <[hidden email]> wrote:
> > > how do other people act with such braindead sh**t?
> >
> > Look into greylisting it.  You'll find that greylisting could very
> > well deal with most of the bots that things like zen.spamhaus.org
> > would normally deal with.  And strictly speaking, you're not
> > filtering it -- just making a policy decision to not accept the
> > transaction before the DATA section ;)
>
> Personally I do not consider strict RFC interpretation to be worth
> more than the time it takes to sort through the garbage. All my mail
> is subjected to Zen and BRBL blockage (with DNSWL and SWL exceptions
> allowed.) Very little spam here since I decided to do that. (Most of
> what does get through is to the postmaster addresses, however.)
>
> postscreen/smtpd_reject_footer is a safety net. A real sender can
> view that and figure out alternate means of contact. That has not
> happened in the time since smtpd_reject_footer was implemented here.
>
> I'd much rather give someone a rejection, than accept their mail and
> miss it in a flood of spam.

I agree.
When really flooded with spam  , you would probably miss a real abuse
complain. But there are cons of scanning the postmaster messages too.
Most complains too will get hit as spam

I manually delete the spam messages that come to my abuse@ id. but not
before feeding it to a program that automatically creates URI and domain
blacklists. These spammers are then blocked from sending to abuse@
addresses.








Reply | Threaded
Open this post in threaded view
|

Re: spam to postmaster

Jean Bruenn
In reply to this post by Reindl Harald-2
> what i do not understand is that i get three days the same idiot spam
> mail about administration part-time job for 3000$ per month to always
> the same post-master address in exactly 3 different variants
>
> guess it is the best to setup a sieve-filter trahsing this diretly
> on the server by exact subject....

Hello,

I followed the discussion about filtering postmaster@ accounts. I have
to agree, most spam is received on that address. The top-spam accounts
on my servers are abuse@ postmaster@ and webmaster@.

I agree with rob0 as well, I can't go through thousands of mails
manually to check for legitim mails; I guess the best thing you can do
with postmaster@ and similar addresses (even if it might be against the
RFC) would be to use some weaker-filters (for example I wouldn't use
spam-assassin to detect spam, I would however use a virus-scanner).

Then if you take a look at postscreen, how would you disable postscreen
for the postmaster address (thats not possible - and postscreen is some
sort of filter, which means everyone who's using postscreen already
doesn't follow the RFC if postmaster@ should be completly unfiltered)

A better approach _might_ be to reject all mails to postmaster@ with a
message pointing to a contact-form. That way you could also make sure
that users with problems will provide "useful" information (as you can
configure the fields of the contact-form and require specific
information). Something like:

check_recipient_address    ...

postmaster@..    REJECT For complaints please use http://....form.html

--
Jean Bruenn <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: spam to postmaster

Reindl Harald-2


Am 18.02.2012 10:55, schrieb Jean Bruenn:
> A better approach _might_ be to reject all mails to postmaster@ with a
> message pointing to a contact-form. That way you could also make sure
> that users with problems will provide "useful" information (as you can
> configure the fields of the contact-form and require specific
> information).

better not, üeople are usually too stupid reading automated
messages even if they have ordererd a DDSN and get "successful
delivered" they complain per phone:

* why is my mail blocked?
* how sould i smell send me the bounce to postmaster
* well in the "bounce" is "delivery successfull"

really that is no joke and i become the feeling this
is getting worser every day because people are too
stupid/lazy to read and understand anything or why
does somebody complain as another example with
"doe snot work since weeks, i get a error message"
without a single detail about this message *grrr*


signature.asc (270 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: spam to postmaster

Patrick Ben Koetter
In reply to this post by Reindl Harald-2
* Reindl Harald <[hidden email]>:

> > Look into greylisting it.  You'll find that greylisting could very
> > well deal with most of the bots that things like zen.spamhaus.org
> > would normally deal with.  And strictly speaking, you're not filtering
> > it -- just making a policy decision to not accept the transaction
> > before the DATA section ;)
>
> barracuda Spamfirewall does filtering ow whitelisting
> noting between
>
> what i do not understand is how fucking stupid
> people are spamming to postmaster/abuse-addresses
spammers get paid per delivery

--
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitely required and
justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>

signature.asc (325 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: spam to postmaster

Benny Pedersen
In reply to this post by Reindl Harald-2
Den 2012-02-18 00:14, Reindl Harald skrev:

> what i do not understand is how fucking stupid
> people are spamming to postmaster/abuse-addresses

+1 hello lease web :-)