Noel Jones wrote:
Miguel Da Silva - Centro de Matemática wrote:
Noel Jones wrote:
Miguel Da Silva - Centro de Matemática wrote:
Dear users, today a user told me he was receiving too much spam in
a very short period of time. I took a look at the log files and what
he told me is true. :(
But... it just happens to him, no one else is receiving spam. The
server is running Postfix + SpamAssassin + Clamav and the filters
seem to run fine. I can see many warnings about blocked spam.
The symptoms are too many connections trying to send mail to this
user. Those connections come from all over the world.
Any suggestion?!
Greetings.
If these are non-delivery notices of mail he didn't send, see the
BACKSCATTER_README for suggestions on blocking it.
http://www.postfix.org/BACKSCATTER_README.html
Thank you... it's really backscatter.
Let's work with it now.
Greetings.
Those usually do not get blocked by RBLs and other usual tactics because
they come from legit but poorly configured mail servers.
ips.backscatterer.org is an RBL that targets backscatter sources.
http://www.backscatterer.org/
To limit the false positives, only reject mail if it looks like a bounce.
Something like this:

# main.cf
smtpd_sender_restrictions =
    regexp:/etc/postfix/sender.regexp

# sender.regexp
# check null sender bounces
/^<>$/ reject_rbl_client ips.backscatterer.org
Better do this in data restrictions to avoid blocking SAV sources.
$ host lists.sourceforge.net
lists.sourceforge.net has address 66.35.250.206
$ host 206.250.35.66.ips.backscatterer.org
206.250.35.66.ips.backscatterer.org has address 127.0.0.2
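
The lookup shown with `host` and the null-sender gate from the sender.regexp rule, modelled in Python as an added example that is not part of any poster's message. The function names and the stub resolver are hypothetical; the stub is constructed from the `host` output quoted in this thread so the example runs offline.

```python
import ipaddress
import socket

ZONE = "ips.backscatterer.org"  # RBL zone named in the thread
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(client_ip, zone=ZONE):
    """Build the DNSBL lookup name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(client_ip)  # ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def is_listed(client_ip, resolve=socket.gethostbyname, zone=ZONE):
    """True when the zone answers with an A record inside 127.0.0.0/8."""
    try:
        answer = resolve(dnsbl_query_name(client_ip, zone))
    except OSError:
        # NXDOMAIN arrives as socket.gaierror (an OSError): not listed.
        # Resolver failures also land here, so this model fails open.
        return False
    return ipaddress.IPv4Address(answer) in LOOPBACK


def decide(envelope_sender, client_ip, resolve=socket.gethostbyname):
    """Consult the RBL only for the null sender "<>", as /^<>$/ does."""
    if envelope_sender != "<>":
        return "DUNNO"  # ordinary mail never triggers the RBL lookup
    return "REJECT" if is_listed(client_ip, resolve) else "DUNNO"


def sample_resolver(name):
    """Constructed stub resolver holding only the record quoted in the thread."""
    records = {"206.250.35.66.ips.backscatterer.org": "127.0.0.2"}
    if name not in records:
        raise socket.gaierror("constructed NXDOMAIN for " + name)
    return records[name]


if __name__ == "__main__":
    # Constructed cases: (envelope sender, client IP)
    for sender, ip in [("<>", "66.35.250.206"),
                       ("user@example.org", "66.35.250.206"),
                       ("<>", "192.0.2.10")]:
        print(sender, ip, decide(sender, ip, sample_resolver))
```

Only the first case is rejected: a bounce-shaped message from a listed client. Normal mail from the same listed address passes through to the remaining checks.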