What do you do with a bouncing postmaster@?

David Wolfskill david at catwhisker.org
Wed Jul 23 21:36:37 PDT 2003


(OK, so it doesn't *quite* scan like "What do you do with a drunken
sailor?"....)

Most of the time, I make a fairly conscientious attempt to report
spam to the custodian(s) of the resource(s) used to vector the spam
to the SMTP server (that I control) in question -- at least, if the
spam arrives in my mailbox (via any of my email aliases), I do.

Accordingly, I have rather little patience when such a notification
is bounced as undeliverable:  as a general rule, I do not allow the
SMTP servers under my control to accept mail from sources if I
cannot notify the custodians of those sources of abuse of their
resources.

However, I realize that there are misguided souls who have seen fit
to block a host using the IP address 63.193.123.122 from acting as
an SMTP client with respect to their SMTP server(s) -- not because
of spam received via that IP address (it's a static assignment, and
has been since August, 1999 -- assigned to my home DSL connection)
-- but because of spam from other addresses in the netblock, or because
the hostname associated with the IP address
(adsl-63-193-123-122.dsl.snfc21.pacbell.net) indicates that the person
using it isn't paying enough to be a "serious Internet user," I guess.

Thus, in some cases, I will re-try the notification -- either from
www.baylisa.org or from freefall.freebsd.org.

I just had an "interesting" (think "Chinese curse") such incident:

* I received spam; it was vectored from 12-246-16-195.client.attbi.com
  to www.baylisa.org.

* After verifying that 12-246-16-195.client.attbi.com resolved to the
  IP address that was actually used by the SMTP client (12.246.16.195),
  I sent a standard boiler-plate notification to attbi.com at abuse.net.

* I received a bounce-o-gram from a host named "abuse-garee", informing
  me:

  This is the Postfix program at host abuse-garee.
  
  I'm sorry to have to inform you that the message returned
  below could not be delivered to one or more destinations.
  
  For further assistance, please send mail to <postmaster>
  
  If you do so, please include this problem report. You can
  delete your own text from the message returned below.
  
                        The Postfix program
  
  <raptor at nampo.tci.com>: host north-maroon.tci.com[198.178.8.167] said: 550
      5.7.1 <david at catwhisker.org>... Access denied

* After studying it for a bit -- the domain-less hostnames were a bit
  off-putting -- I satisfied myself that the domain really should be
  tci.com, and sent an inquiry to postmaster at tci.com, asking for an
  explanation.

* That inquiry bounced, with isomorphic symptoms.

* OK, well... blocking tci.com seems a bit overly broad, so I saved the
  bounce-o-gram as a file, used scp to copy it to www.baylisa.org, and
  sent another inquiry (as david at baylisa.org) from www.baylisa.org.

* That inquiry bounced, with isomorphic symptoms.

* Ummm... OK; that seems fairly bad.  I logged in to freefall, and sent
  a (short -- no quoting of anything) inquiry/test to postmaster at tci.com
  from dhw at freebsd.org.

* That inquiry bounced, with isomorphic symptoms.

  At this point, I am beginning to sense a pattern.  :-{

Now, I don't have or use cable TV -- similar to the reasons elucidated
by Chuck Yerkes earlier today -- but my recollection is that AT&T
Broadband was sold to TCI, which was swallowed by Comcast.  The former
might account for the forwarding of mail addressed to attbi.com at abuse.net
to tci.com, and the latter would account for the content of the From:
header ("From: Comcast Forwarded Abuse <david at catwhisker.org>") -- well,
sort of.

Overall, I'm failing to get a warm, fuzzy, feeling of extreme competence
here.  :-(

I could go ahead and block the lot -- attbi.com, tci.com, and
comcast.com -- from the SMTP servers at baylisa.org and catwhisker.org.
(I'm still a bit reluctant to be quite as Draconian with FreeBSD.ORG
as I am with the other two.  Besides, FreeBSD.ORG uses Postfix,
while the others use sendmail.)

I would welcome constructive alternative suggestions for dealing with
the above.

Thanks,
david       (current hat: postmaster at baylisa.org, I suppose)
-- 
David H. Wolfskill				david at catwhisker.org
Based on what I have seen to date, the use of Microsoft products is not
consistent with reliability.  I recommend FreeBSD for reliable systems.


