Spammers using Abuse account to bypass filters

Need help? Ask here.

Moderator: Moderators

Post Reply
Matchstick
Posts: 4
Joined: Tue Mar 28, 2006 2:59 am

Spammers using Abuse account to bypass filters

Post by Matchstick »

In the last week or so it seems that at least one spammer has decided (sadly correctly) that the way to get their trash past the filters is to send it abuse@<domain> via the rollernet secondary MXes which bypasses all the DNSBL checks I have in place on that domain.

I've read RFC 2421 and while I'm not an expert on these things it seems to says that while an abuse account is required there is nothing to say that it CANNOT be filtered as a last resort.

In fact RFC 2821 goes so far as to say that blocking IS permitted is absolutely necessary (on the postmaster account at least):
"SMTP systems are expected to make every reasonable effort to accept
mail directed to Postmaster from any other system on the Internet.
In extreme cases --such as to contain a denial of service attack or
other breach of security-- an SMTP server may block mail directed to
Postmaster. However, such arrangements SHOULD be narrowly tailored
so as to avoid blocking messages which are not part of such attacks."

Could there not be an option to allow mail filtering to be enabled on role accounts at least temporarily ?

The only other alternative would seem to be to reject all mail sent to my abuse address through rollernet at the primary MX but because of the backscatter issues that's not really an option.
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

The original intention with the postmaster@ and abuse@ addresses being auto-whitelisted is to prevent our servers from ending up on any of the rfc-ignorant.org blacklists. However, we are willing to explore filtering options to prevent abuse of these addresses.
Technical Support support@rollernet.us
Roller Network LLC
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

We can allow abuse@ and postmaster@ to be subject to the filters while still making them mandatory entries in the valid user table. If we have any problem with anyone interpreting this as contrary to the RFCs, we'll revisit the issue.

Alternitavely, we could also make abuse@ and postmaster@ filter failures return a temporary error rather than reject outright.
Technical Support support@rollernet.us
Roller Network LLC
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

postmaster@ and abuse@ have been removed from the filter exception list; any configured filters will now apply.
Technical Support support@rollernet.us
Roller Network LLC
Post Reply