spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Arvid Ephraim Picciani <>
Subject Re: faked bouncebacks. what the?
Date Tue, 13 May 2008 21:23:07 GMT
On Tuesday 13 May 2008 22:45:43 mouss wrote:

> That said, one possibility is this: Some soho have an MSA on a dsl line. 
> a ratwared box inside (or a web service running on the MSA box) sends 
> mail to an invalid recipient. the MSA gets rejected and then sends you 
> an NDR. the MSA is borked enough to helo with the recipient domain, and 
> generates an incomplet NDR.

interesting. and broken enough to use my hostname as From, in the body, helo 
and message id? double backscatter? kindof weird, but if that works it would 
at least just be some coincidence rather then intention.

> PS. The link you posted is no more valid... (I mean

sorry. i replaced the hostname with and will keep it permanently 

On Tuesday 13 May 2008 22:58:52 Matus UHLAR - fantomas wrote:
> To summarize, the original message was a bounce, and it was a backscatter.

are you saying that the definition of "bounceback" is: everything that 
contains the subject line "Undelivered mail", or are you claming that my 
server actually does backscatter.
If you read closely again you will see that the message body claims to be 
generated from me:
"Reporting-MTA: dns;"

and the from is forged:
From: (Mail Delivery Subsystem)

and the helo:

Received: from ([]

it's not a bounceback. It's 100% fake. Not containing any extra content. The 
entire purpose of the message is to look like backscatter.

> I really see no point of speculating who did the spammer want to spam, it
> would change nothing.

oh i do, becouse of exactly my above point. people WILL start claming that 
this is real backscatter and block or score the IP or hostname. 

best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani

View raw message