At 12:05 19/10/2004, Simon Lyall wrote:
On Tue, 19 Oct 2004, Simon Byrnand wrote:
To do that though, you would need a foolproof, programmatic way of getting an MTA to recognise a Mailwasher forgery and separately handle it. Has anyone done this yet for any popular MTAs? It's one thing for a human to be able to look at the headers and spot them reliably, but another for it to be automated. (Think spam filtering - FPs and FNs etc.) The overhead would need to be pretty low too, since mailservers have a hard enough time filtering junk as it is...
The message-id has mx1.yourdomain.co.nz as its host. Also the from address (and the message-id) will use the domain of the customer's email address. This is a good way to grep them out of the mail logs.
Ah yes, I remember now... way back when I first discovered mailwasher it was from noticing bounce messages claiming to be from mx1.igrin.co.nz, when there was no such thing.... bit of a giveaway that... :)
So if you bounce emails from a different domain than what customers are using (i.e. customers use paradise.net.nz for email and the mail servers generate bounces from tsnz.net) then they are pretty easy to spot.
The best trick is to reject emails from MAILER-DAEMON@yourdomain.co.nz from customer IPs, or similar. I'm told it even pops up an error to the mailwasher muppet when you do this. If you are really good you could make the error tell them to contact mailwasher support.
Does mailwasher actually use an explicit envelope-sender of MAILER-DAEMON@yourdomain.co.nz or does it use an empty envelope-sender as the RFCs dictate for real bounce messages? (Which is then changed to MAILER-DAEMON or MAILER-DAEMON@yourdomain.co.nz in the message headers by your own MTA.) If mailwasher does indeed explicitly put MAILER-DAEMON@yourdomain.co.nz as the envelope-sender then it would be a simple matter to apply a REJECT rule for that, since any REAL bounce messages from REAL MTAs will have empty envelope-sender addresses.
As others have stated, the only long term method of fixing the problem is to shift the support costs onto the mailwasher authors.
But in a non-destructive way though. If the above idea works it would be a simple matter to include some text in the REJECT message telling them to contact mailwasher support because your ISP does not support mailwasher's bounce feature... :)

Alas, when I checked the outgoing queue to find a sample message there is currently not a single mailwasher one, so it seems that the people I've advised not to use it in the past really did take it on board... :)

Regards,
Simon
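
An added example, not part of the original message or of any MTA's own code: the two checks discussed in the thread written as MTA-neutral policy logic, covering both an explicit MAILER-DAEMON envelope sender and the null-sender case the thread leaves open. The customer network range, the real MTA hostname, the reject text and all function names are assumptions made up for illustration.

```python
import ipaddress
import re

# Constructed values for illustration; substitute your own.
LOCAL_DOMAIN = "yourdomain.co.nz"                       # placeholder domain from the thread
CUSTOMER_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumed customer address range
REAL_MTA_HOSTS = {"smtp.yourdomain.co.nz"}              # assumed hosts that really emit bounces
REJECT_TEXT = ("550 5.7.1 This ISP does not support the Mailwasher bounce "
               "feature; please contact Mailwasher support")


def is_customer(client_ip):
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in CUSTOMER_NETS)


def check_envelope(client_ip, mail_from):
    """Decide at MAIL FROM time: return an SMTP reject line, or None for no opinion."""
    sender = mail_from.strip().strip("<>").lower()
    if not sender:
        return None  # null sender <>: what a genuine bounce carries
    local, _, domain = sender.rpartition("@")
    if is_customer(client_ip) and local == "mailer-daemon" and domain == LOCAL_DOMAIN:
        return REJECT_TEXT  # a customer machine is posing as our MTA
    return None


MSGID_HOST = re.compile(r"<[^<>@\s]+@([^<>@\s]+)>")


def suspicious_message_id(client_ip, message_id):
    """Fallback for a forged bounce sent with a null sender: flag customer-submitted
    mail whose Message-ID names a host under our domain that is not a real MTA."""
    m = MSGID_HOST.search(message_id)
    if m is None or not is_customer(client_ip):
        return False
    host = m.group(1).lower()
    return host.endswith("." + LOCAL_DOMAIN) and host not in REAL_MTA_HOSTS


if __name__ == "__main__":
    # Constructed sample sessions: (client IP, MAIL FROM, Message-ID)
    samples = [
        ("192.0.2.10", "<MAILER-DAEMON@yourdomain.co.nz>", "<1@mx1.yourdomain.co.nz>"),
        ("192.0.2.10", "<>", "<2@mx1.yourdomain.co.nz>"),
        ("192.0.2.11", "<alice@yourdomain.co.nz>", "<3@yourdomain.co.nz>"),
    ]
    for ip, frm, mid in samples:
        print(ip, frm, check_envelope(ip, frm), suspicious_message_id(ip, mid))
```

The Message-ID test is a heuristic and should be tuned against real logs before it drives a reject, since it depends on knowing every host that legitimately generates mail under the domain.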