On 2009-04-04 20:09, LuKreme wrote:
> I've seen an increase in backscatter emails recently. Perfectly valid
> headers (AFAICT)
>
> Return-Path: <>
> X-Original-To: kr...@kreme.com
> Delivered-To: kr...@covisp.net
> Received: from mail9.webair.com (mail9.webair.net [74.206.236.69])
>     by mail.covisp.net (Postfix) with ESMTPS id 4FC10118B5B0
>     for <kr...@kreme.com>; Sat, 4 Apr 2009 00:18:38 -0600 (MDT)
> Received: (qmail 45760 invoked for bounce); 4 Apr 2009 06:18:36 -0000
> Date: 4 Apr 2009 06:18:36 -0000
> From: mailer-dae...@mail9.webair.com
> To: kr...@kreme.com
> Subject: failure notice
> Message-Id: <20090404061838.4fc10118b...@mail.covisp.net>
>
> (I did just update this spf record to "v=spf1 a mx
> ip4:75.148.117.94/29 ~all" which I expect will help some)
>
> Is there some sort of strategy I can implement that will reject a good
> portion of these kinds of messages? What are other people doing to
> deal with backscatter? I read up on SRS, but it doesn't sound like a
> great idea.

I'd recommend using rbl checks specified for this:

backscatter.map:

    <>             reject_rbl_client ips.backscatterer.org, reject_rbl_client bl.spamcannibal.org
    postmaster     reject_rbl_client ips.backscatterer.org, reject_rbl_client bl.spamcannibal.org
    MAILER-DAEMON  reject_rbl_client ips.backscatterer.org, reject_rbl_client bl.spamcannibal.org

Add

    check_sender_access hash:/etc/postfix/backscatter.map

at the very end of the RBLs in smtpd_recipient_restrictions (or other
restrictions if you prefer). For sure you should also read the info on
those blacklists.

The IP you've provided as the source of backscatter is listed in backscatterer.org.
Moreover, SPF won't help you much, because other mailserver admins would
have to check it, and it's rarely supported.

Pawel Lesniak
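
Added example, not part of the original thread and not Postfix code: a small Python model of what the sender-scoped map above does, showing that the DNSBL lookups only run for bounce-style envelope senders and how the query name is built from the client IP. The function names and the local-part matching are assumptions made for illustration; Postfix's own access(5) key lookup is more involved.

```python
import ipaddress
import socket

# Zones and sender keys copied from the backscatter.map in the reply above.
ZONES = ("ips.backscatterer.org", "bl.spamcannibal.org")
BOUNCE_KEYS = ("postmaster", "mailer-daemon")


def is_bounce_sender(mail_from):
    """Simplified model (assumption): null sender, or local part equal to a key."""
    addr = mail_from.strip().strip("<>").lower()
    return addr == "" or addr.split("@", 1)[0] in BOUNCE_KEYS


def dnsbl_name(client_ip, zone):
    """DNSBL query name: the IPv4 octets in reverse order, then the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def dns_listed(name):
    """Live lookup: an A record means listed; any lookup failure counts as not listed."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False


def decide(mail_from, client_ip, listed=dns_listed):
    """Return ("REJECT", zone) or ("DUNNO", None) for one SMTP transaction."""
    if not is_bounce_sender(mail_from):
        return ("DUNNO", None)  # ordinary senders never trigger the DNSBL lookups
    for zone in ZONES:
        if listed(dnsbl_name(client_ip, zone)):
            return ("REJECT", zone)
    return ("DUNNO", None)


if __name__ == "__main__":
    # Constructed listing data so the demo runs offline; the IP is the client
    # address from the Received: header quoted in the thread.
    fake = {"69.236.206.74.ips.backscatterer.org"}
    for sender, ip in [("<>", "74.206.236.69"),
                       ("<>", "192.0.2.10"),
                       ("alice@example.org", "74.206.236.69")]:
        print(sender, ip, decide(sender, ip, listed=fake.__contains__))
```

A DNSBL zone that is no longer maintained can stop answering or answer for every address, so check each zone's current status before putting it in the map.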