Noel Jones wrote:
jeff donovan wrote:
Greetings

I have a user whose name is being spoofed by the spammers of the world, and her mailbox is getting flooded by legitimate Mailer Delivery notices. Is there anything I can do for her besides change her account name? I was thinking about a temporary regex to discard those notices (I know, not the best, but it may stem the tide).

Any assistance is welcome.

-jeff

General suggestions for combating backscatter:
http://www.postfix.org/BACKSCATTER_README.html

You can use the ips.backscatterer.org to reject bounces (*NOT* all mail) from known backscatter sources. Do this in smtpd_data_restrictions for compatibility with sender address verification.
# main.cf
smtpd_data_restrictions =
  check_sender_access hash:/etc/postfix/backscatterer

# backscatterer
<>  reject_rbl_client ips.backscatterer.org

I'd also recommend using an RBL (as in the example above).
<>             reject_rbl_client bl.spamcannibal.org, reject_rbl_client ips.backscatterer.org
postmaster     reject_rbl_client bl.spamcannibal.org, reject_rbl_client ips.backscatterer.org
MAILER-DAEMON  reject_rbl_client bl.spamcannibal.org, reject_rbl_client ips.backscatterer.org

I'm getting quite good results with backscatter using those two BL servers above. Unfortunately, I also had one user getting lots of backscatter. What I've found is that it's useful to do some body_checks. Have a look whether there's something common in some of those annoying messages, and set something like:
body_checks = pcre:/etc/postfix/body_checks
Part of my body_checks file:
if /^[> ]*Received:/
/^[> ]*Received:.from.CUSTOMER\.VPLS\.NET.\(\[[0-5,7-9](.*)/
       REJECT Backscatter from CUSTOMER.VPLS.NET
/^[> ]*Received:.from.CUSTOMER\.VPLS\.NET.\(\[6[0-6,8-9](.*)/
       REJECT Backscatter from CUSTOMER.VPLS.NET
/^[> ]*Received:.from.CUSTOMER\.VPLS\.NET.\([0-5,7-9](.*)/
       REJECT Backscatter from CUSTOMER.VPLS.NET
/^[> ]*Received:.from.CUSTOMER\.VPLS\.NET.\(6[0-6,8-9](.*)/
       REJECT Backscatter from CUSTOMER.VPLS.NET
/^[> ]*Received:.from.CUSTOMER\.VPLS\.NET.\(unknown(.*)/
       REJECT Backscatter from CUSTOMER.VPLS.NET
/^[> ]*Received:.from.CUSTOMER\.VPLS\.NET.\([a-b,d-z,A-B,D-Z](.*)/
       REJECT Backscatter from CUSTOMER.VPLS.NET
/^[> ]*Received:.from.(.*)\(HELO.CUSTOMER\.VPLS\.NET\).\([0-5,7-9](.*)\)(.*)/
       REJECT Backscatter from CUSTOMER.VPLS.NET
/^[> ]*Received:.from.(.*)\(HELO.CUSTOMER\.VPLS\.NET\).\(6[0-6,8-9](.*)\)(.*)/
       REJECT Backscatter from CUSTOMER.VPLS.NET
/^[> ]*Received:.from.(.*)\((.*)helo=CUSTOMER\.VPLS\.NET\)(.*)/
       REJECT Backscatter from CUSTOMER.VPLS.NET
endif

I was getting lots of backscatter sent from hosts claiming to be CUSTOMER.VPLS.NET, and I found the above rules helped me a lot (they are far from ideal, but they just work for me). Maybe you can also build body_checks to stop the backscatter one of your users is getting.


Good luck,

Pawel
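
To check what the quoted body_checks rules accept and reject before loading them, here is an added example (not part of the original message) that evaluates three of them with Python's re module over constructed Received: lines. It assumes Postfix's default case-insensitive pcre matching; the helper names parse, check and run and all sample addresses are made up for illustration.

```python
import re

# Three of the rules quoted above, copied verbatim (first, second and last).
BODY_CHECKS = r"""
if /^[> ]*Received:/
/^[> ]*Received:.from.CUSTOMER\.VPLS\.NET.\(\[[0-5,7-9](.*)/
       REJECT Backscatter from CUSTOMER.VPLS.NET
/^[> ]*Received:.from.CUSTOMER\.VPLS\.NET.\(\[6[0-6,8-9](.*)/
       REJECT Backscatter from CUSTOMER.VPLS.NET
/^[> ]*Received:.from.(.*)\((.*)helo=CUSTOMER\.VPLS\.NET\)(.*)/
       REJECT Backscatter from CUSTOMER.VPLS.NET
endif
"""

def parse(table):
    """Return (guard, [(regex, action)]) for a single if/endif block."""
    guard, rules, pending = None, [], None
    for raw in table.strip().splitlines():
        if raw[:1].isspace():                 # indented line = action of previous pattern
            rules.append((pending, raw.strip()))
        elif raw.startswith("if "):           # re.I: pcre tables ignore case by default
            guard = re.compile(raw[3:].strip()[1:-1], re.I)
        elif raw.startswith("/"):
            pending = re.compile(raw.strip()[1:-1], re.I)
    return guard, rules

def check(line, guard, rules):
    """First matching rule wins, as in a Postfix table; None means no action."""
    if guard.search(line):
        for regex, action in rules:
            if regex.search(line):
                return action

# Constructed sample lines: Received: headers as quoted inside a bounce body.
SAMPLES = [
    "Received: from CUSTOMER.VPLS.NET ([203.0.113.9]) by mx.example.org",
    "> Received: from CUSTOMER.VPLS.NET ([64.0.2.1]) by mx.example.org",
    "Received: from CUSTOMER.VPLS.NET ([67.0.2.1]) by mx.example.org",
    "Received: from [198.51.100.7] (helo=customer.vpls.net) by mx.example.org",
    "Received: from mail.example.net ([192.0.2.25]) by mx.example.org",
]

def run():
    guard, rules = parse(BODY_CHECKS)
    return [check(s, guard, rules) for s in SAMPLES]

if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, run()):
        print(f"{verdict or 'pass':45} {sample}")
```

On a live server, `postmap -q - pcre:/etc/postfix/body_checks < sample.txt` (sample.txt being a file of test lines) runs the same check against the real table. Keep in mind that body_checks are applied to every message, not only bounces, so any mail that quotes a matching Received: line is rejected as well.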

