Fw: why I love qmail, the spam sump edition

From: W.D.McKinney <deem@wdm.com>
Date: Sat Oct 21 2006 - 21:49:51 AKDT

Here's a nice post :-)
From: John L [mailto:johnl@iecc.com]
To: qmail list [mailto:qmail@list.cr.yp.to]
Sent: Sat, 21 Oct 2006 13:48:30 -0800
Subject: why I love qmail, the spam sump edition

I get a lot of spam, on the order of 50 to 100,000 a day caught by DNSBLs,
such as the SBL and XBL and a private blacklist. Rather than let it go to
waste, I feed copies of it to the FTC's spam fridge and some other places
that look through it for phish patterns and the like, currently sending it
to five places.

Rather than overwhelm my regular qmail setup with this high-volume
low-volume stuff, I have a second copy of qmail called qmail-sump to which
I divert the spam, using a little QMAILQUEUE shim that rewrites the
envelope recipients so that no matter how many recipients were on the
spam, it only sends out one copy.

For forensic reasons, I don't rewrite the bounce address. Now and then
one of the recipient hosts spits back a message, either because something
at the recipient system breaks, or because the bounce address is so awful
that the recipient host gags on it. (Commas and spaces will do that.)
So my sump was emitting a constant but annoying trickle of blowback spam.
Yuck.

Fortunately, in about five minutes I was able to adjust my qmail-sump so
that the bounces all landed in a local file that I can look through and
then delete. What did I do? A little virtual domains magic:

:alias-bounce
sump:sump
firstrecipient.com:
secondrecipient.org:
thirdrecipient.net:
fourthrecipient.au:
uce.gov:

The first line makes all the bounces and everything else by default go to
alias-bounce-something, which I catch with ~alias/.qmail-bounce-default.
The second is the incoming mail to the sump, which is sent to
originaladdr.ess@sump, which ~alias/.qmail-sump-default remails to the
five recipients. The rest of the lines un-virtualize the five domains
that are supposed to get mail. All done.

It's not completely perfect since forged return addresses in those five
domains will still get blowback, but that's vanishingly rare, and they all
know who I am and won't get upset.

Oh, I also did some minor hackery to rbldnsd and qmail-smtp so that sump
mail gets a 5xx at the end of DATA with the DNSBL's diagnostic, and is
then delivered to the sump anyway. I hoped this might decrease the amount
of spam, which it hasn't, but in the rare cases that I misdiagnose real
mail as sump spam, it will at least notify the sender that his mail didn't
get to the recipient.

Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://johnlevine.com, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.

PS: I wonder how you do that with sendmail.
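To see why the seven-line virtualdomains table above swallows blowback but still lets mail reach the five real recipients, here is an added simulation (not John's code, not part of qmail) of qmail-send's virtualdomains lookup order: full address, then the domain, then each ".parent" suffix, then the empty-domain default, with an empty prepend meaning "not virtual". It assumes an empty control/locals on the sump box and the constructed sample addresses in the block.

```python
# Added example: simulate qmail-send's virtualdomains rewriting for the
# qmail-sump table quoted in the post. Not part of qmail or of the post.

# The control/virtualdomains table from the post ("domain:prepend" per line).
VIRTUALDOMAINS = """\
:alias-bounce
sump:sump
firstrecipient.com:
secondrecipient.org:
thirdrecipient.net:
fourthrecipient.au:
uce.gov:
"""

# Assumption: control/locals on the sump host lists no domains at all.
LOCALS: set[str] = set()


def parse_virtualdomains(text: str) -> dict[str, str]:
    """Parse 'key:prepend' lines. An empty prepend marks the key as not virtual."""
    table: dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, pre = line.partition(":")
        table[key] = pre
    return table


def route(recipient: str, vdoms: dict[str, str], locals_: set[str] = LOCALS) -> tuple[str, str]:
    """Return ('local', rewritten_address) or ('remote', address) as qmail-send would.

    Lookup order: u@dom, dom, each .parent suffix of dom, then "" (the default).
    The first hit wins; a hit with an empty prepend leaves the address remote.
    """
    at = recipient.rfind("@")               # commas/spaces in the local part are fine
    if at < 0:
        raise ValueError("bare local part; qmail-send would append envnoathost")
    local_part, domain = recipient[:at], recipient[at + 1:].lower()
    if domain in locals_:                   # control/locals is checked first
        return ("local", local_part)
    addr = f"{local_part}@{domain}"
    candidates = [addr, domain]
    candidates += [domain[i:] for i, c in enumerate(domain) if c == "."]
    candidates.append("")                   # the ":alias-bounce" default entry
    for key in candidates:
        if key in vdoms:
            pre = vdoms[key]
            return ("remote", addr) if not pre else ("local", f"{pre}-{addr}")
    return ("remote", addr)                 # no default entry present
```

A forged bounce address such as `x, y@bad.example` falls through to the default and becomes the local address `alias-bounce-x, y@bad.example`, which ~alias/.qmail-bounce-default catches; note that a subdomain like `mail.uce.gov` is also swallowed, because `uce.gov:` matches only that exact domain.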
    
Received on Sat Oct 21 21:52:54 2006

This archive was generated by hypermail 2.1.8 : Sat Oct 21 2006 - 21:52:54 AKDT