[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: different expiration time for DSN

To: Eugene Crosser <crosser@rol.ru>
Subject: Re: different expiration time for DSN
From: James MacKinnon <jmack@phys.ualberta.ca>
Date: Wed, 1 Oct 2003 09:27:15 -0600 (MDT)
cc: zmailer@nic.funet.fi
In-Reply-To: <1064991153.4309.7.camel@ariel.sovam.com>
Original-Recipient: rfc822;zmailer-log@nic.funet.fi
Sender: zmailer-owner@nic.funet.fi

Hi Eugene,

I saw a similar situation, with these silly autogenerated nonsense name 
strings that spammer tools spit out, ie like:

	xzxoasp440, y23giafbp, y624nyzxar, y822wyqj, etc.

Typically these would come in as a result of some email virus forgery 
problem where MX's at remote site send us back bounces of infected
machines' crappy traffic (where the From: line got forged to our domain
by the virus).

I dealt with it this way:

  1) I modified our spam filter to also check on recipient user existence
     - basically, do a query using zmailer's router function and deliver 
       back to the content-filter an additional numerical result:

		0 for OK, -1 for SPAM, -2 for NOUSER

  2) content-filter modified appropriately to deliver an error string
     back to smtpserver in cases of NOUSER:

	'550 5.1.1 User does not exist'

So this way, if a local destination doesn't exist, the SMTP transaction
terminates, and I don't have a queue problem at all, since it's caught
and dealt with in the SMTP chat.

It's a crude hack, but it works. I'm not entirely sure, however if
sending a '550 5.1.1' in the DATA phase instead of the RCPT phase
breaks any fundamentals, but the remote servers seem ok with it 
(as they do send a 'QUIT' :-)

Example:
...
2PUW01526r      MAIL From:<> SIZE=1468 BODY=8BITMIME
2PUW01526w      250 2.1.0 Sender syntax Ok
2PUW01526r      RCPT To:<i_tysonhq@phys.ualberta.ca>
2PUW01526w      250 2.1.5 Ok; can accomodate 1468 byte message for <i_tysonhq@phys.ualberta.ca>
2PUW01526r      DATA
2PUW01526w      354 Start mail input; end with <CRLF>.<CRLF>
2PUW01526#      policyprogram said: -1 550 5.1.1 User does not exist
2PUW01526#      Content-policy analysis ordered message rejection. (code=-1); msg='550 5.1.1 User does not exist'
2PUW01526w      550 5.1.1 User does not exist
2PUW01526r      QUIT


Cheers,
-Jim


On Wed, 1 Oct 2003, Eugene Crosser wrote:

> I wander if it coule be possible to make locally generated DSN reports
> expire much faster than other mail, e.g. after 3 hours instead of 3
> days?..
> 
> Reports about nonexistent local users (in response to "dictionary" spam)
> destined to nondeliverable domains are crowding the SMTP queue.
> 
> Eugene
> 
> -
> To unsubscribe from this list: send the line "unsubscribe zmailer" in
> the body of a message to majordomo@nic.funet.fi
> 

-- 
James S. MacKinnon           Office: P-139 Avadh-Bhatia Physics Lab
Team Physics                 Voice : (780) 492-8226 [old AC 403]
University of Alberta        email : Jim.MacKinnon@Phys.UAlberta.CA
Edmonton, Canada T6G 2N5     WWW   : http://www.phys.ualberta.ca/

char*f="char*f=%c%s%c;main(){printf(f,34,f,34,10);}%c";main(){printf(f,34,f,34,10);}
for all that we know the universe could cease to exist at any mo

-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi

Follow-Ups:
- Re: different expiration time for DSN
  - From: Eugene Crosser <crosser@rol.ru> (Wed, 1 Oct 2003 18:54:48 +0300)

References:
- different expiration time for DSN
  - From: Eugene Crosser <crosser@rol.ru>

Prev by Date: subdirs in postman?
Next by Date: Re: different expiration time for DSN
Prev by thread: different expiration time for DSN
Next by thread: Re: different expiration time for DSN
Index(es):
- Date
- Thread