On Feb 4, 2009, at 9:47 AM, Brian Evans - Postfix List wrote:
jeff donovan wrote:
here is a sample of the bounce: I have modified the real users name.
Article rejected, un-authorized poster of realusern...@beth.k12.pa.us
Received: from XDYHONJUP [189.22.134.132] by john23.com with ESMTP
  (SMTPD32-8.00) id A6C57D10052; Wed, 04 Feb 2009 08:23:17 -0500
Received: from 189.22.134.132 by mail2.beth.k12.pa.us; Wed, 4 Feb 2009 11:22:50 -0300
If this is to be believed, then:
grkni...@mx1 ~ $ host 132.134.22.189.zen.spamhaus.org
132.134.22.189.zen.spamhaus.org has address 127.0.0.4
Zen wins again and this is spam accepted by your server and not
BackScatter.
Check logs to verify this is not forged.
Brian
thanks brian. I guess this is a bad example. I picked one out of a
hat. I have zen listed.
I have placed these two lines in my config. Hopefully this will
eliminate some of the bounce messages.
header_check
if /^Received:/
/^Received: +from +(beth\.k12\.pa\.us) +/ reject forged client name in Received: header: $1
/^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(beth\.k12\.pa\.us)\)/ reject forged client name in Received: header: $2
/^Received:.* +by +(beth\.k12\.pa\.us)\b/ reject forged mail server name in Received: header: $1
endif
body check
if /^[> ]*Received:/
/^[> ]*Received: +from +(beth\.k12\.pa\.us) / reject forged client name in Received: header: $1
/^[> ]*Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(beth\.k12\.pa\.us)\)/ reject forged client name in Received: header: $2
/^[> ]*Received:.* +by +(beth\.k12\.pa\.us)\b/ reject forged mail server name in Received: header: $1
endif
/^[> ]*Message-ID:.* <!&!/ DUNNO
/^[> ]*Message-ID:.*@(beth\.k12\.pa\.us)/ reject forged domain name in Message-ID: header: $1
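
A way to check which lines the body rules above fire on before deploying them, as an added example that is not part of the original thread. It assumes Python's `re` with case-insensitive, first-match-wins evaluation as a stand-in for a Postfix pcre: table; `parse`, `lookup` and `TABLE` are hypothetical names.

```python
import re

# body_checks rules from the message above, wrapped lines rejoined.
RULES = r"""
if /^[> ]*Received:/
/^[> ]*Received: +from +(beth\.k12\.pa\.us) / reject forged client name in Received: header: $1
/^[> ]*Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(beth\.k12\.pa\.us)\)/ reject forged client name in Received: header: $2
/^[> ]*Received:.* +by +(beth\.k12\.pa\.us)\b/ reject forged mail server name in Received: header: $1
endif
/^[> ]*Message-ID:.* <!&!/ DUNNO
/^[> ]*Message-ID:.*@(beth\.k12\.pa\.us)/ reject forged domain name in Message-ID: header: $1
"""

def parse(text):
    """Parse table text into (kind, compiled regex, action) tuples."""
    table = []
    for line in text.strip().splitlines():
        if line == "endif":
            table.append(("endif", None, None))
            continue
        m = re.fullmatch(r"(if +)?/(.*)/ *(.*)", line)
        kind = "if" if m.group(1) else "rule"
        # Assumption: case-insensitive matching, as in a Postfix pcre: table.
        table.append((kind, re.compile(m.group(2), re.IGNORECASE), m.group(3)))
    return table

def lookup(table, line):
    """Return the action of the first matching rule, or None if nothing matches."""
    skip = 0  # nesting depth of if-blocks whose condition did not match
    for kind, rx, action in table:
        if kind == "endif":
            skip = max(0, skip - 1)
        elif skip:
            skip += 1 if kind == "if" else 0
        elif kind == "if":
            skip = 0 if rx.search(line) else 1
        else:
            m = rx.search(line)
            if m:  # expand $1, $2 from the capture groups
                return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))) or "", action)
    return None

TABLE = parse(RULES)

if __name__ == "__main__":
    # First line is from the quoted bounce; the second is constructed.
    for s in ("Received: from 189.22.134.132 by mail2.beth.k12.pa.us; Wed, 4 Feb 2009",
              "Message-ID: <20090204.1234@beth.k12.pa.us>"):
        print(s, "->", lookup(TABLE, s))
```

The first line, taken from the quoted bounce, returns no action because the patterns match only the bare domain, not a host name such as mail2.beth.k12.pa.us.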