email account bombarded with SPAM error bounces - what to do?
in [Postfix]
|
From: Ram on 10 Jul 2010 08:26 On Sat, 2010-07-10 at 14:15 +0200, Administrator Beckspaced.com wrote: > > On 7/9/2010 16:13, Administrator Beckspaced.com wrote: > > > > > > On 7/9/2010 14:40, Ram wrote: > >> On Fri, 2010-07-09 at 13:35 +0200, Administrator Beckspaced.com wrote: > >>> On 7/9/2010 13:27, Robert Schetterer wrote: > >>>> Am 09.07.2010 12:51, schrieb Administrator Beckspaced.com: > >>>>> hello robert, > >>>>> > >>>>> thanks a lot for your quick reply ... > >>>>> actually it is not always the same IP or host sending the error > >>>>> bounces ... > >>>>> the bounces are sent from hundred of different IP addresses ... > >>>>> > >>>>> any more idea? > >>>>> > >> Usually you can do very little to prevent forging your domain and > >> sending spam. > >> Some months ago one client of ours too had the same issue, but the issue > >> is very temporary. > >> The short term solution , as someone suggested, will be to temporarily > >> defer all NDR's with a sender check regex file like > >> /<>/ 450 Try Later > >> > >> > >> ( The RFC's say you cant do this .. but sometimes you must be > >> practical :-) ) > >> > >> > >> > >> > >> > From my personal experience I found that if , for your regular mailing > >> you use some sender authentication mechanism like SPF then these NDR's > >> significantly reduce. For eg many servers reject forged messages based > >> on SPF checks so you dont get NDR's from them at least. > >> > >> I guess , spammers ( the more intelligent ones ... I mean ) too would > >> be less inclined to forge a domain that uses sender authentication > >> Because that will reduce the deliverability of their spams > >> > >> Thanks > >> Ram > >> > >> > >> > >> > >> > > hello again robert & ram > > > > thanks again for your ideas ... > > > > so i had another search in google about that backscatter topic and > > sort of found a nice, simple & also quick solution? > > > > SAFE MODE with Postfix: > > > > Edit /etc/postfix/main.cf: > > smtpd_recipient_restrictions = > > ... > > check_sender_access dbm:/etc/postfix/check_backscatterer > > ... > > Create new file:/etc/postfix/check_backscatterer: > > <> reject_rbl_client ips.backscatterer.org > > postmaster reject_rbl_client ips.backscatterer.org > > > > well ... had to change the postfix dbm lookup to hash and do a postmap > > on the file ... > > but now this seems to work as it already rejected a few emails > > according to the mail log ... > > > > more info can be found here -> > > > > http://www.backscatterer.org > > > > does anyone have any experience with that list? > > is this a good longterm solution? > > > > best regards > > becki > > > hello again ram, robert & postfix users ;-) > > already posted yesterday about the backscatterer.org ... > but was a bit too skeptical to do the check on ALL NDR's for ALL email > accounts on my mail server ... > > so i had a look around to do the check ONLY for that specific email account. > it's actually quite easy with smtpd_restriction_classes > > i thought i will write a short 'todo' as it might help some other mail > server administrators out there ... who knows? > > so first thing is to setup a restriction class in main.cf -> > > smtpd_restriction_classes = reject_ndr_class > reject_ndr_class = check_sender_access hash:/etc/postfix/backscatter_check > > now create the backscatter_check file in /etc/postfix/ > touch /etc/postfix/backscatter_check > > and fill in this data > > <> reject_rbl_client ips.backscatterer.org > postmaster reject_rbl_client ips.backscatterer.org > MAILER-DAEMON reject_rbl_client ips.backscatterer.org use a regexp: file I dont think <> is supported in a hash: file /<>/ reject_rbl_client ips.backscatterer.org /^postmaster/ reject_rbl_client ips.backscatterer.org
From: Wietse Venema on 10 Jul 2010 08:46 Ram: > I dont think <> is supported in a hash: file It is a special pattern for SMTPD access maps (i.e. this is implemented in the Postfix access map code, not in the code that implements hash or other databases). smtpd_null_access_lookup_key (default: <>) The lookup key to be used in SMTP access(5) tables instead of the null sender address. Wietse
From: Ansgar Wiechers on 10 Jul 2010 09:58 On 2010-07-09 Administrator Beckspaced.com wrote: > since a few weeks one of my email accounts gets bombarded with thousands > of SPAM mailer daemon error bounces. > could not deliver message ... bla bla bla ... > > it's getting really annoying as there are thousands of error bounces > coming in every single day. > > looks like that the email address ended up on some SPAM mailing lists ... > adn now the mailbox receives all this error message junk > > so ... what's the best strategy to get rid off this problem? > > already had a quick look ... and the error bounces come in with an empty > <> from address ... > which seems to be standard for this ... and by default postfix doesn't > block empty from addresses <> > > so what's the best thing to do to get rid of those thousand error email > bounces? > > thing is that the customer urgently needs this email account as it is > signed up at many service providers. > > could i do a header check for this single email account and reject the > empty from address <> for that email account only? > what are my options? what's the smartest thing to do?? I don't know about "best strategy", but if you can route your outbound mail through one server, you could try the proxy filter I wrote a while ago to take care of this problem. http://www.planetcobalt.net/sdb/backscatter.shtml WFM, but beware that it's not tested on (and probably not suitable for) high-volume servers. </shameless-plug> Regards Ansgar Wiechers -- "Abstractions save us time working, but they don't save us time learning." --Joel Spolsky
First
|
Prev
|
Pages: 1 2 3 4 Prev: Greylisting & SMTP auth Next: asking ARP for an internal IP 169.254.140.241 |