Greg Hewgill (ghewgill) wrote,
Greg Hewgill

poor man's srs

I've been getting an incredible amount of junk bounce messages from email worms. These usually come from the worm sending a message with my email in the From field and a bogus address in the To field. The receiving mail server dutifully returns the message to me, as if I had sent it. I quickly got tired of manually inspecting and deleting these, so I set up a procmail rule to route them to a 'bounce' folder:

* ^Return-Path: (<>|MAILER-DAEMON@)

After setting this up I never really looked in that folder, so I would miss the possibility of receiving a legitimate bounce message (for example, if a message I actually sent was undeliverable for some reason). After reading about Sender Rewriting Scheme, I figured I could rig up something similar that would help (in a simple way, without implementing full SRS).

I changed my .muttrc such that the Envelope-From on outgoing mail is now

set sendmail="/usr/lib/sendmail"

I actually used a different word than foo above but I'm not going to mention it here. If an email worm were to pick up that address off this page, this whole scheme would be defeated. When setting this up you can use any word you want.

Then I changed my procmail rule to also check bounce messages addressed to my normal address:

* ^Return-Path: (<>|MAILER-DAEMON@)
* ^

In this way, only fake bounce messages that are addressed to my normal address (and are thus worm-generated) get shuffled off to the 'bounce' folder. Any bounce message that I legitimately receive as a result of a message I actually sent, will be addressed to instead, and will not be matched by the above rule. So, they will end up in my normal inbox as they should.

Initial tests show that this is working great. If for some reason a worm discovers the SRS-style Envelope-From address I am using and starts sending me fake bounce messages to that address, I can easily change it to something else.

Fighting spam and worm mail is taking up a nontrivial amount of my time these days, hopefully this will help reduce that time.

Tags: email, unix

  • new zealand government goes creative commons

    This looks like a fantastic step forward: New Zealand Government Open Access and Licensing Framework The draft NZGOAL sets out a series of policy…

  • earthquake

    About an hour ago, we felt a magnitude 5.4 earthquake. Although New Zealand is a fairly seismically active area, we had not felt an earthquake since…

  • kiwi english

    After being here for a couple of months, I've started to notice all sorts of ways in which Kiwi english is different from North American english.…

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded