From: "Administrator Beckspaced.com" on 9 Jul 2010 06:35

hello there,

i'm running a postfix 2.4.6 on an opensuse box.
postfix has amavisd-new with spamassassin installed ...

since a few weeks one of my email accounts gets bombarded with thousands of SPAM mailer daemon error bounces.
could not deliver message ... bla bla bla ...

it's getting really annoying as there are thousands of error bounces coming in every single day.

looks like that the email address ended up on some SPAM mailing lists ... and now the mailbox receives all this error message junk

so ... what's the best strategy to get rid of this problem?

already had a quick look ... and the error bounces come in with an empty <> from address ...
which seems to be standard for this ... and by default postfix doesn't block empty from addresses <>

so what's the best thing to do to get rid of those thousand error email bounces?

thing is that the customer urgently needs this email account as it is signed up at many service providers.

could i do a header check for this single email account and reject the empty from address <> for that email account only?
what are my options? what's the smartest thing to do??

thanks a lot for your help & service

with best regards
becki

From: Robert Schetterer on 9 Jul 2010 06:42

On 09.07.2010 12:35, Administrator Beckspaced.com wrote:
> hello there,
>
> i'm running a postfix 2.4.6 on an opensuse box.
> postfix has amavisd-new with spamassassin installed ...
>
> since a few weeks one of my email accounts gets bombarded with thousands
> of SPAM mailer daemon error bounces.
> could not deliver message ... bla bla bla ...
>
> it's getting really annoying as there are thousands of error bounces
> coming in every single day.
>
> looks like that the email address ended up on some SPAM mailing lists
> ... and now the mailbox receives all this error message junk
>
> so ... what's the best strategy to get rid of this problem?
>
> already had a quick look ... and the error bounces come in with an empty
> <> from address ...
> which seems to be standard for this ... and by default postfix doesn't
> block empty from addresses <>
>
> so what's the best thing to do to get rid of those thousand error email
> bounces?
>
> thing is that the customer urgently needs this email account as it is
> signed up at many service providers.
>
> could i do a header check for this single email account and reject the
> empty from address <> for that email account only?
> what are my options? what's the smartest thing to do??
>
> thanks a lot for your help & service
>
> with best regards
> becki
>

if it is always the same host sending backscatter,
simply block the host by access list and/or firewall

let's see some logs, there are many ways to deal with backscatter

--
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria

From: "Administrator Beckspaced.com" on 9 Jul 2010 06:51

hello robert,

thanks a lot for your quick reply ...
actually it is not always the same IP or host sending the error bounces ...
the bounces are sent from hundreds of different IP addresses ...

any more ideas?

thanks for your help & fun
becki

below some logs you requested ... changed the real email account to spamUser(a)domain.com ->

Jul 8 12:20:27 gehirn postfix/smtpd[19857]: NOQUEUE: reject: RCPT from crusty.hosts.net.nz[210.48.108.195]: 554 5.7.1 <spamUser(a)domain.com>: Recipient address rejected: Access denied; from=<> to=<spamUser(a)domain.com> proto=SMTP helo=<crusty.hosts.net.nz>
Jul 8 12:22:08 gehirn postfix/smtpd[19859]: NOQUEUE: reject: RCPT from mailx.nlabs.de[92.79.50.220]: 554 5.7.1 <spamUser(a)domain.com>: Recipient address rejected: Access denied; from=<> to=<spamUser(a)domain.com> proto=SMTP helo=<mailx.nlabs.de>
Jul 8 12:22:48 gehirn postfix/smtpd[19854]: warning: 222.254.188.229: address not listed for hostname localhost
Jul 8 12:23:28 gehirn postfix/smtpd[18358]: NOQUEUE: reject: RCPT from port-87-234-220-121.static.qsc.de[87.234.220.121]: 554 5.7.1 <spamUser(a)domain.com>: Recipient address rejected: Access denied; from=<> to=<spamUser(a)domain.com> proto=SMTP helo=<mforward>
Jul 8 12:26:22 gehirn postfix/smtpd[19854]: setting up TLS connection from mail.aydin.edu.tr[212.174.169.8]
Jul 8 12:26:22 gehirn postfix/smtpd[19854]: TLS connection established from mail.aydin.edu.tr[212.174.169.8]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jul 8 12:26:22 gehirn postfix/smtpd[19854]: NOQUEUE: reject: RCPT from mail.aydin.edu.tr[212.174.169.8]: 554 5.7.1 <spamUser(a)domain.com>: Recipient address rejected: Access denied; from=<> to=<spamUser(a)domain.com> proto=ESMTP helo=<Mailsrv.aydin.edu.tr>
Jul 8 12:27:57 gehirn postfix/smtpd[19850]: NOQUEUE: reject: RCPT from svhqgtw02.ethiopianairlines.com[213.55.83.14]: 554 5.7.1 <spamUser(a)domain.com>: Recipient address rejected: Access denied; from=<> to=<spamUser(a)domain.com> proto=SMTP helo=<svhqgtw02.ethiopianairlines.com>
Jul 8 12:27:58 gehirn postfix/smtpd[18899]: NOQUEUE: reject: RCPT from svhqgtw02.ethiopianairlines.com[213.55.83.14]: 554 5.7.1 <spamUser(a)domain.com>: Recipient address rejected: Access denied; from=<> to=<spamUser(a)domain.com> proto=SMTP helo=<svhqgtw02.ethiopianairlines.com>
Jul 8 12:28:27 gehirn postfix/smtpd[18358]: A565C150A7D: client=relay02.is.co.za[196.35.6.70]
Jul 8 12:28:31 gehirn postfix/smtpd[20525]: 78BEC150A7F: client=localhost[127.0.0.1]
Jul 8 12:28:35 gehirn postfix/smtpd[18899]: NOQUEUE: reject: RCPT from mx2.lost-oasis.net[80.67.160.52]: 554 5.7.1 <spamUser(a)domain.com>: Recipient address rejected: Access denied; from=<> to=<spamUser(a)domain.com> proto=SMTP helo=<mx2.lost-oasis.net>
Jul 8 12:29:23 gehirn postfix/smtpd[18899]: NOQUEUE: reject: RCPT from defer114.ocn.ad.jp[122.28.15.169]: 554 5.7.1 <spamUser(a)domain.com>: Recipient address rejected: Access denied; from=<> to=<spamUser(a)domain.com> proto=ESMTP helo=<defer114.ocn.ad.jp>
Jul 8 12:29:49 gehirn postfix/smtpd[19850]: E4B86150AE9: client=unknown[184.154.34.69]
Jul 8 12:29:56 gehirn postfix/smtpd[20525]: 8B7F4150AF6: client=localhost[127.0.0.1]
Jul 8 12:30:43 gehirn postfix/smtpd[19854]: NOQUEUE: reject: RCPT from post.vrus.de[85.182.133.62]: 554 5.7.1 <spamUser(a)domain.com>: Recipient address rejected: Access denied; from=<>

On 7/9/2010 12:42, Robert Schetterer wrote:
> On 09.07.2010 12:35, Administrator Beckspaced.com wrote:
>> hello there,
>>
>> i'm running a postfix 2.4.6 on an opensuse box.
>> postfix has amavisd-new with spamassassin installed ...
>>
>> since a few weeks one of my email accounts gets bombarded with thousands
>> of SPAM mailer daemon error bounces.
>> could not deliver message ... bla bla bla ...
>>
>> it's getting really annoying as there are thousands of error bounces
>> coming in every single day.
>>
>> looks like that the email address ended up on some SPAM mailing lists
>> ... and now the mailbox receives all this error message junk
>>
>> so ... what's the best strategy to get rid of this problem?
>>
>> already had a quick look ... and the error bounces come in with an empty
>> <> from address ...
>> which seems to be standard for this ... and by default postfix doesn't
>> block empty from addresses <>
>>
>> so what's the best thing to do to get rid of those thousand error email
>> bounces?
>>
>> thing is that the customer urgently needs this email account as it is
>> signed up at many service providers.
>>
>> could i do a header check for this single email account and reject the
>> empty from address <> for that email account only?
>> what are my options? what's the smartest thing to do??
>>
>> thanks a lot for your help & service
>>
>> with best regards
>> becki
>>
> if it always the same host sending backscatter
> simple block the host by access list and/or firewall
>
> lets see some logs, there are many way to deal with backscatter
>

From: "Kammen van, Marco, Springer SBM NL" on 9 Jul 2010 07:00

>From: owner-postfix-users(a)postfix.org [mailto:owner-postfix-users(a)postfix.org] On Behalf Of Administrator Beckspaced.com
>Sent: Friday, July 09, 2010 12:52 PM
>To: Robert Schetterer
>Cc: postfix-users(a)postfix.org
>Subject: Re: email account bombarded with SPAM error bounces - what to do?
>
> hello robert,
>thanks a lot for your quick reply ...
>actually it is not always the same IP or host sending the error bounces ...
>the bounces are sent from hundred of different IP addresses ...
>any more idea?
>thanks for your help & fun
>becki

Hi Robert,

Not sure if it's related to your issue.
But there is a big spam/virus attack going on, where messages look like NDR's but they aren't.
Various big anti spam vendors are having serious issues stopping this.

Marco van Kammen
Springer Science+Business Media
System Manager & Postmaster
van Godewijckstraat 30 | 3311 GX
Office Number: 05E21
Dordrecht
The Netherlands
www.springer.com

From: wolfgang on 9 Jul 2010 07:11

In an older episode (Friday, 9. July 2010), Kammen van, Marco, Springer SBM NL wrote:
> But there is a big spam/virus attack going on, where messages look
> like NDR's but they aren't.
> Various big anti spam vendors are having serious issues stopping
> this.

Could you provide a URL where more details are available?

Regards,
wolfgang