Print Page | Close Window

Spammers using SpamFilter to send Spam

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
Printed Date: 20 February 2019 at 10:22pm

Topic: Spammers using SpamFilter to send Spam
Posted By: ITI Computers
Subject: Spammers using SpamFilter to send Spam
Date Posted: 26 July 2010 at 10:03am
I discovered on Friday that Spammers are using the SpamFilter program to send out their Spam. I did not know that was possible. We talked to our Host Provider RackSpace and they showed us how it is being done, the following is from their Technician...
"What's happening is spammers are connecting to the spam filter on the IP address. They send a message to a bogus recipient on the domain, and set the Reply-To address in the headers to whoever they want to send spam to. I was able to test and exploit this once I figured out what was going on.

When the spam filter tries to deliver to Imail, it gets an error that the user is invalid. The spam filter then sends an error message to the Reply-To address, using "Webmaster" <> as it's from address. Because Imail allows relay from, it sends this error message out.

It essentially is backscatter spam, but the wrinkle is Imail isn't sending backscatter, the problem is the way your spam filter handles errors.

In order to solve this issue, you need to configure your spam filter not to send an error message when a user doesn't exist."
Please advise on how we can configure SpamFilter to prevent this.
We are using Version
Bill Turner


ITI Computers
Web Design and Hosting

Posted By: LogSat
Date Posted: 26 July 2010 at 9:23pm

SpamFilter v4.2.4.830 that was released a few months ago has the following feature, which is exactly what you're looking for: 

/ New to VersionNumber = '';
{TODO -cNew To avoid backscatter, if an incoming email passes all filtering rules, but cannot be forwarded (ex. mailbox full, non-existent user), SpamFilter maintains open the incoming remote connection until it can verify with the destination server that the email can be delivered. If not, a 5xx error is output forcing the remote server to generate the NDR, rather than having SpamFilter send an NDR notification email}

With versions of SpamFilter prior to v4.2, a very effective way to both eliminate the backscatter and to at the same time reduce spam, is to implement the "Authorized TO" whitelist in SpamFilter. If you provide SpamFilter a list with all the valid email users on your system, SpamFilter will immediately reject any attempt to deliver emails to non-existent users. This causes an immediate disconnect of the spammer, without any NDRs (non-deliverable receipt emails) being generated.

Roberto Franceschetti" rel="nofollow - LogSat Software" rel="nofollow - Spam Filter ISP

Posted By: ITI Computers
Date Posted: 27 July 2010 at 9:10am
Thanks for the reply.
Adding our users to the "Authorized To" list is not a viable option, as we have 100's of domains and 1000's of users. And more being added all the time, which we do not control.
I upgraded our SF program yesterday to the newest version on the site, SpamFilter ISP (v4.1.2.812), I did not see a link to the version. Is it stable? And can you provide a link to it either here or to my email?

ITI Computers
Web Design and Hosting

Print Page | Close Window