I am using RBLs and Spamassassin and want to accomplish this:

1. Filter spam using Spamassassin
2. Send and autoreply to any mail flagged as spam, as a failsafe in case
"good" mail get's through.
3. Delete the mail so I never see it on my mail client.

Questions:

1. Is this a bad idea for some reason? (i.e. if I reply to all thos spammers
is it "qualifying" my address?)
2. Can I do all that with Procmail?
3. How dangerous is it for a novice like myself to be poking around in
there?
4. Is there a better solution?

I don't want to change my email address(es)

TIA

On 3/10/2008 11:09 PM, carlos gonzales wrote:
> 1. Filter spam using Spamassassin
> 2. Send and autoreply to any mail flagged as spam, as a failsafe in
> case "good" mail get's through.
> 3. Delete the mail so I never see it on my mail client.

I'd suggest that you don't. (See below.)

> Questions:
>
> 1. Is this a bad idea for some reason? (i.e. if I reply to all thos
> spammers is it "qualifying" my address?)

Replying to spam messages is a very bad idea. If you are not careful,
you will be replying to and causing back scatter messages.

> 2. Can I do all that with Procmail?

Yes.

> 3. How dangerous is it for a novice like myself to be poking around
> in there?

Poking around in side of your Procmail recipes is not all that dangerous
other than possibly loosing email and / or sending it else where. If
you are doing it system wide, the problem is the same just a bigger
scope of effected people.

> 4. Is there a better solution?

Yes. Reject spam messages during the SMTP transaction (read: use a
milter that will reject spam). This will cause the sending system to
send a bounce message back to the sender. Also, do not accept messages
for everyone and then bounce the ones that are to an invalid recipient.

> I don't want to change my email address(es)

Don't. Spam filters will make sure that you don't have to.



Grant. . . .

On Tue, 11 Mar 2008 00:09:46 -0400, "carlos gonzales" <tdsmld@yahoo.com> wrote:
> I am using RBLs and Spamassassin and want to accomplish this:
>
> 1. Filter spam using Spamassassin
> 2. Send and autoreply to any mail flagged as spam, as a failsafe in case
> "good" mail get's through.
> 3. Delete the mail so I never see it on my mail client.

An autoreply is the most `successful' method of letting the spammers
know that this is a valid address. In the greatest majority of cases,
an autoreply will:

- End up bouncing, because the sender address of the spam message
is an invalid, non-existent address.

- It will end up in the `spamtrap' of the spammer, verifying that
there's a real person reading these emails.

The short term result of the first case is that you are going to be
flooded with bounces for email messages you don't really care about.

The long term result of the second case is that your email address will
be flagged by spammers, and your incoming spam rate will increase as
your address get posted in their `real persons' lists.

What I usually do (which may not be the best thing, mind you) is filter
with procmail, using the SpamAssassin headers. With a procmail rule
like the following:

:0 H
* ^(X-Spam-Flag: YES|Subject: {Spam not delivered}|Subject: {Possible Spam})
junk

the spam tagged messages end up in `~/Mail/junk'. Then I periodically
flush this mailbox, looking for messages which may be false positives.

HTH,
Giorgos

On 11.03.2008 19:27, Giorgos Keramidas wrote:
> On Tue, 11 Mar 2008 00:09:46 -0400, "carlos gonzales" <tdsmld@yahoo.com> wrote:
>> I am using RBLs and Spamassassin and want to accomplish this:
>>
>> 1. Filter spam using Spamassassin
>> 2. Send and autoreply to any mail flagged as spam, as a failsafe in case
>> "good" mail get's through.
>> 3. Delete the mail so I never see it on my mail client.
>
> An autoreply is the most `successful' method of letting the spammers
> know that this is a valid address. In the greatest majority of cases,
> an autoreply will:
>
> - End up bouncing, because the sender address of the spam message
> is an invalid, non-existent address.
>
> - It will end up in the `spamtrap' of the spammer, verifying that
> there's a real person reading these emails.

Important and frequent third case:

- It will end up in the mailbox of some innocent third party whose
address has been abused as sender address by the spammer.

This is known as backscatter. It is already being exploited by spammers
to "bounce off" spam from servers so configured, so that it looks like
the spam came from them, and the mid to long run will get your server
added to "backscatter" blacklists.

--
Please excuse my bad English/German/French/Greek/Cantonese/Klingon/...

On 2008-03-11 05:09, carlos gonzales wrote:

> 2. Send and autoreply to any mail flagged as spam, as a failsafe in case
> "good" mail get's through.

Read what Grant answered about this.

I know how stupid it is to reply to spam since I have some users that was
attacked by spammers. (the spammers was using their address as sender on
millions of spam)

When I saw the returned post from mail servers I was thinking like:
geez , how stupid can a postmaster be and still allowed to keep the job.

They claimed it was spam since all headers was faked, and the contents was
spam, and then send it back since they think the spammer fake everything
but use his own address as sender :-/

I have good filters that block most spam, but bounces from a remote MTA should
not be filtered, since one can do a typo by mistake and will be notified.

Grey list and things don't either if spam is delivered by bounce from
other MTA's

You must use filters that reject spam, not bounce or auto answer them,
the sender is faked in best case, or is stolen from a victim that you
terrorize so they can't use email for a week until the spammers take the next
sender address on their list of victims.

Don't spammers to delivery their shit.

In short, if spam pass your filters so it can't be rejected, you must drop it
later, since you don't know who sent it, and no, it's NOT the sender address.

/bb