Paweł Leśniak wrote:
> Hello,
>
> One of our users is getting lots of returned mails because his email
> address is used as return-path by spammer(s).
> After reading BACKSCATTER_README I'm almost sure I should have some
> body_checks to check against Message-ID and Return-path values.
>
> As you can see in the "original" spam message (enveloped in returned
> mail, attached below) Message-ID is <mam7rj.0309g198hip...@hipwah.com>.
> Our mailserver produces Message-IDs with following forms:
> <some_numbers_and_d...@example.com>
> <some_numbers_and_dots.squirrelm...@mail.example.com>
> <alpine.lnx.sume_numbers_and_d...@mail.example.com>
>

This doesn't mean all your users' mail has such message-ids:
- the message-id is added by the MUA. So if the MUA is named
  joe.my.computer, the message-id will use this instead of example.com.
- if your users post from other servers (their ISP, hotel, ...), the
  message-id may be that of the ISP/hotel/.. assuming their MUA doesn't
  generate a message-id.

If you thought about these and feel confident, then you can use something
like

    if /Message-Id:/
    /[...@\.]example\.com>/ OK
    /./ REJECT forged message-id
    endif

> How can I check if Message-ID of message enveloped inside returned mail
> obeys to one of forms given above?
> I think that some combination of Message-ID and one of return-path and
> from fields should give good results, but I'm not sure if I'm not
> missing something.
>

You can't combine envelope sender and a body_check rule. For that, you
would need a proxy_filter to pass mail to different smtpd's (each with its
own cleanup, and thus header/body checks) based on the sender.

> [snip]
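
An added example, not part of the original thread: a small Python emulation of the if/endif rule from the reply, run over constructed bounce bodies, to show which Message-ID forms it lets through and which it rejects, including the MUA-generated case the reply warns about. The sample Message-ID values, the bounce text and the host mx.example.net are constructed; the character class from the reply is written as [.@], which matches the same two characters.

```python
import re

# Rules as given in the reply. Postfix regexp tables match case-insensitively
# by default, hence re.IGNORECASE. [.@] stands for the reply's character class.
GUARD = re.compile(r"Message-Id:", re.I)
RULES = [
    (re.compile(r"[.@]example\.com>", re.I), "OK"),
    (re.compile(r".", re.I), "REJECT forged message-id"),
]

def check_line(line):
    """Return the action for one body line, or None when nothing matches."""
    if not GUARD.search(line):
        return None                      # line never enters the if/endif block
    for pattern, action in RULES:
        if pattern.search(line):
            return action                # first matching rule wins
    return None

def check_body(lines):
    """body_checks sees one line at a time; the first REJECT ends delivery."""
    for line in lines:
        action = check_line(line)
        if action and action.startswith("REJECT"):
            return action
    return "DUNNO"

def bounce(message_id):
    """Constructed bounce body with the returned headers quoted in it."""
    return [
        "This is the mail system at host mx.example.net.",
        "The following message could not be delivered:",
        "",
        "Return-Path: <user@example.com>",
        f"Message-ID: <{message_id}>",
        "Subject: constructed sample",
    ]

# Constructed Message-ID values, one per case discussed in the thread.
SAMPLES = {
    "own server":       "20080301.1234@example.com",
    "webmail host":     "1234.5678.squirrelmail@mail.example.com",
    "forged sender":    "abc123.xyz@spammer.invalid",
    "MUA-generated":    "47d1.0042@joe.my.computer",
    "lookalike domain": "1234@notexample.com",
}

if __name__ == "__main__":
    for label, mid in SAMPLES.items():
        print(f"{label:17} {check_body(bounce(mid))}")
```

The "MUA-generated" row is the false positive described in the reply: a genuine bounce for mail whose Message-ID was created by the user's own client is rejected along with the forged ones.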