domains to reject

J. Francois jlf@magusnet.gilbert.az.us
Fri, 10 Mar 2000 07:00:37 -0700 

It seems like on Fri, Mar 10, 2000 at 12:45:12AM -0700, der.hans scribbled:
Orig Msg> 
Orig Msg> Jean, is it possible to mostly reject a piece of mail such that they get
Orig Msg> it a couple of dozen times before it finally gets fully rejected?
Orig Msg> 
Orig Msg> ciao,
Orig Msg> 

Hmmmm....

I have never tried to do that.
It sounds evil, and I like that.
Try the URLs in my .sig and see if anyone has built something 
taht will do multiple rejects.

I only use sendmail so I can't speak for the other MTAs.
Here is what my sendmail setup would look like.

/etc/mail/deny.file ( becomes deny.db ):
ecomtracker.com "551 Oh My God!...You Spammed Kenny!...You Bastards!..."
ecommercial.com "551 Oh My God!...You Spammed Kenny!...You Bastards!..."

teergrube.delay.local:
63.82.78.0/24	90000

So now if the SPAM comes directly from them without mail
relay it gets held up for 90000 seconds before getting delivered 
to sendmail, which promptly drops the email during the HELO
and/or MAIL-FROM stage so it never gets to your hard drive.

In the event they relay rape a server in .ch or .tw the sendmail rule
will catch it and drop it.

Now remember because the mail stays in queue for 90000 seconds,
the sender will still get messages that:
"this email has not been delivered in [SOME SET INTERVAL].
 delivery will be attempted for the next [ SOME OTHER SET INTERVAL ]"

so in sendmail the default is to send the alert every 4 hours and keep
trying for 5 days. I guess teergrube wins.

NOTE: I had some local ISP get pissed at me because they
      upgraded their WINNT mail server with some software that
      choked and died when it encountered my teergrube.
      It resulted in a complaint to my upstream ISP provider.
      It is the first and only teergrube complaint I have seen
      in the 3+ years I have been running it.
      Reference RFC821 Appendix E for details on how a teergrube
      works and why and RFC821 compliant MTA wont notice it is there.


** Debian Linux/*BSD Rocks! **  Read This Emails Headers **
Send me ASCII & RTF only. Microsoft formats go to /dev/null unread.
MagusNet,Inc. fights UCE/UBE/SPAM: http://www.imrss.org/dssl 
http://maps.vix.com  http://www.orbs.org , http://www.mail-abuse.org
http://www.iks-jena.de/mitarb/lutz/usenet/teergrube.en.html
Got Anonymity on the Internet? http://www.magusnet.com/proxy.html