Results 1 to 3 of 3

Thread: client-side filtering of backscatter spam?

  1. #1
    bhackett is offline Starter Member
    Join Date
    Nov 2008
    Posts
    1
    Rep Power
    6

    Default client-side filtering of backscatter spam?

    Hi, in the past few days I have been getting a lot of identical bounce messages where someone forged my address as the 'From:' field. These appear as messages in my inbox with 'Undelivered Mail Returned to Sender' as the 'subject' field and 'Mail Delivery System' (MAILER-DAEMON@<my-domain>) as the 'from' field, with a short body indicating nondelivery and the forged email attached.

    I'm using the Zimbra webmail client (unknown version), and am trying to filter these messages out. I have tried filtering on the 'from' field, subject field (I don't care if this filters out all bounce messages, not just spam), the contents of the body or the contents of the attached message. None of these work.

    What it looks like is that bounce messages from MAILER-DAEMON bypass the filters entirely. Is this the case? I'm guessing (but don't know) the backend server is also Zimbra and have no idea what settings it is using. I recognize the way to get these issues resolved is probably 'Contact your email server administrator,' but not being able to filter all inbox messages with the incoming message filters is counterintuitive behavior. Is this behavior intentional?

    Thanks,

    Brian Hackett

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    There's no way to stop this kind of spam in your inbox because the mail is being delivered to the 'correct' person, i.e. you. The only method to stop backscatter (or NDR) spam is on the server itself and you should inform your mail administrator about this.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    deepblue is offline Partner (VAR/HSP)
    Join Date
    Jul 2006
    Location
    Stuttgart / Germany
    Posts
    222
    Rep Power
    8

    Default

    Quote Originally Posted by phoenix View Post
    There's no way to stop this kind of spam in your inbox because the mail is being delivered to the 'correct' person, i.e. you. The only method to stop backscatter (or NDR) spam is on the server itself and you should inform your mail administrator about this.
    Hi phoenix,

    I have 2 comments on that. The first is, that you say, that the backscatter/NDR should be stoped on the server itself.
    I would like to know, how this could be done as I think it is exceptionally difficult to stop backscatter on the server....

    The second comment is: there are at least some chances to filter backscatter on the account level:
    Create a Mail Filter, select "Header Named" insert "return-path" and select "does not exist" and put all matching mails
    in the Trash folder and do not apply any additional filters.
    This filter will match on any Bounce/NDR - not only on the backscatter.
    You will see, that this filter works pretty well - not perfect though...

    The idea behind the filter is, that Bounces/NDRs provide an empty (<>) envelope-From address to make it
    impossible to generate a NDR for a NDR (which could lead to infinitive NDR-loops). But there are so many broken
    SMTP engines out there, that generate broken NDRs which will not be cought by that filter.

    Regards
    Thomas

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 2
    Last Post: 05-14-2008, 05:16 AM
  2. can't you help me
    By iwan siahaan in forum Administrators
    Replies: 6
    Last Post: 12-17-2007, 06:53 PM
  3. Filtering w/o web client
    By PhilF in forum Administrators
    Replies: 0
    Last Post: 09-07-2007, 06:06 AM
  4. Order of operations - SPAM and filtering
    By SpEnTBoY in forum Administrators
    Replies: 0
    Last Post: 04-24-2007, 06:01 AM
  5. Replies: 2
    Last Post: 12-20-2006, 08:07 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •