Miguel Da Silva - Centro de Matemática wrote:
Noel Jones wrote:
Miguel Da Silva - Centro de Matemática wrote:
Dear users, today a user told me he was receiving too much spam in a
very short period of time. I took a look at the log files and what he
told me is true. :(
But... it just happens to him, no one else is receiving spam. The
server is running Postfix + SpamAssassin + ClamAV and the filters
seem to run fine. I can see many warnings about blocked spam.
The symptoms are too many connections trying to send mail to this
user. Those connections come from all over the world.
Any suggestion?!
Greetings.
If these are non-delivery notices of mail he didn't send, see the
BACKSCATTER_README for suggestions on blocking it.
http://www.postfix.org/BACKSCATTER_README.html
Thank you... it's really backscatter.
Let's work with it now.
Greetings.
Those usually do not get blocked by RBLs and other usual
tactics because they come from legit but poorly configured
mail servers.
ips.backscatterer.org is an RBL that targets backscatter
sources. http://www.backscatterer.org/
To limit the false positives, only reject mail if it looks
like a bounce.
Something like this:

# main.cf
smtpd_sender_restrictions =
    check_sender_access regexp:/etc/postfix/sender.regexp

# sender.regexp
# check null sender bounces: only mail with the null sender <>
# is tested against the backscatter RBL
/^<>$/ reject_rbl_client ips.backscatterer.org
--
Noel Jones
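
To confirm the diagnosis reached in this thread before enabling the restriction, the following added example (not code from the thread or from Postfix) correlates queue IDs in Postfix log lines and reports recipients whose accepted mail is mostly null-sender (`from=<>`) bounces. The log lines, addresses, queue IDs and thresholds are constructed assumptions.

```python
import re
from collections import Counter

QMGR_FROM = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-Za-z]+): from=<([^>]*)>")
DELIVERY_TO = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-Za-z]+): to=<([^>]*)>")

def bounce_share(lines):
    """Map recipient -> (null-sender messages, all messages) for queued mail."""
    sender_by_qid, seen = {}, set()
    null_count, total = Counter(), Counter()
    for line in lines:
        m = QMGR_FROM.search(line)
        if m:
            sender_by_qid[m.group(1)] = m.group(2)  # "" means from=<>
            continue
        m = DELIVERY_TO.search(line)
        if not m or m.group(1) not in sender_by_qid:
            continue
        qid, rcpt = m.group(1), m.group(2).lower()
        if (qid, rcpt) in seen:  # deferred mail logs to=<...> once per retry
            continue
        seen.add((qid, rcpt))
        total[rcpt] += 1
        if sender_by_qid[qid] == "":
            null_count[rcpt] += 1
    return {r: (null_count[r], total[r]) for r in total}

def backscatter_suspects(lines, min_bounces=3, min_ratio=0.5):
    """Recipients whose queued mail is mostly null-sender bounces (assumed thresholds)."""
    return sorted(r for r, (n, t) in bounce_share(lines).items()
                  if n >= min_bounces and n / t >= min_ratio)

def _msg(qid, sender, rcpt, status="sent"):
    """Constructed qmgr + delivery line pair in Postfix syslog format."""
    return [f"Jan 10 10:00:01 mail postfix/qmgr[1234]: {qid}: from=<{sender}>, size=3456, nrcpt=1 (queue active)",
            f"Jan 10 10:00:02 mail postfix/local[1240]: {qid}: to=<{rcpt}>, relay=local, delay=0.5, dsn=2.0.0, status={status} (constructed)"]

# Constructed sample, not taken from the thread.
V, O = "victim@example.org", "other@example.org"
SAMPLE_LOG = (
    _msg("4A1B2C3D01", "", V, "deferred") + _msg("4A1B2C3D01", "", V)
    + _msg("4A1B2C3D02", "", V) + _msg("4A1B2C3D03", "", V)
    + _msg("4A1B2C3D04", "", V) + _msg("4A1B2C3D05", "alice@example.net", V)
    + _msg("4A1B2C3D06", "", O) + _msg("4A1B2C3D07", "bob@example.net", O)
    + _msg("4A1B2C3D08", "carol@example.net", O)
)

if __name__ == "__main__":
    print(bounce_share(SAMPLE_LOG))
    print(backscatter_suspects(SAMPLE_LOG))
```

Only mail that reached the queue is counted; messages already rejected at SMTP time are logged as NOQUEUE and are skipped.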