Gaston Dassieu Blanchet wrote:
> Dear All,
>
> I have found the below in my Postfix logs. I believe I have a
> backscatter problem, which seems to have gotten me in some SPAM black
> lists out there:
>
> [EMAIL PROTECTED]:/home/root# cat /var/log/maillog* | grep 54EF0453B
> Aug 18 18:26:19 Natsumi postfix/smtpd[12950]: 54EF0453B:
> client=c-68-44-19-67.hsd1.nj.comcast.net[68.44.19.67]
> Aug 18 18:26:20 Natsumi postfix/cleanup[12954]: 54EF0453B:
> [EMAIL PROTECTED]
> Aug 18 18:26:20 Natsumi postfix/qmgr[2661]: 54EF0453B:
> from=<[EMAIL PROTECTED]>, size=1009,
> nrcpt=5 (queue active)
>
> Aug 18 18:26:21 Natsumi postfix/local[12958]: 54EF0453B:
> to=<[EMAIL PROTECTED]>, relay=local,
> delay=2.3, delays=1.8/0.27/0/0.2, dsn=5.2.0, status=bounced (maildir
> delivery failed: create maildir file
> //Maildir/tmp/1219094781.P12958.Natsumi: Permission denied)
> Aug 18 18:26:21 Natsumi postfix/local[12958]: 54EF0453B:
> to=<[EMAIL PROTECTED]>, relay=local,
> delay=2.3, delays=1.8/0.47/0/0.01, dsn=5.2.0, status=bounced (maildir
> delivery failed: create maildir file
> /var/spool/uucppublic/Maildir/tmp/1219094781.P12958.Natsumi:
> Permission denied)
>
> Aug 18 18:26:21 Natsumi postfix/bounce[12960]: 54EF0453B: sender
> non-delivery notification: 6B26F4544
> Aug 18 18:26:21 Natsumi postfix/qmgr[2661]: 54EF0453B: removed
>
> If my understanding is correct, I am receiving SPAM with a forged
> source address. This SPAM is accepted by my valid mailboxes
> ([EMAIL PROTECTED] above),
> and *bounced* (not rejected!) by my invalid mailboxes (mail, uucp,
> ... above)
>
> I am quite worried about this. Could anyone kindly help me figure out
> which postfix 2.5.1 configuration parameters can I use to prevent this
> type of abuse?

These are default users that are for services.  They are required;
however, they do not have to receive mail, as mouss has pointed out.

Without 'postconf -n', I can only give some general advice.
If you are not using RBLs, then please start.

Better:
Using a scoring system like postfwd or policyd-weight (development
currently paused).

Brian
