> -----Original Message----- > From: owner-postfix-us...@postfix.org > [mailto:owner-postfix-us...@postfix.org] On Behalf Of mouss > Sent: Wednesday, 15 April 2009 7:11 AM > To: postfix-users@postfix.org > Subject: Re: A better backscatter killer? > > Ralf Hildebrandt a écrit : > > * MacShane, Tracy <tracy.macsh...@airservicesaustralia.com>: > > > >> Then you won't receive some genuine messages, both bounce and > >> non-bounce. > >> > >> Try the ips.backscatterer.org RBL; it works well for us. > >> > >> > http://www.mailinglistarchive.com/postfix-users@postfix.org/msg57402. > >> html > > > > They are retarded. mail.charite.de is listed in it. > > > > and I guess postfix members would be bothered to block: > camomile.cloud9.net[168.100.1.3] > english-breakfast.cloud9.net[168.100.1.7] > > $ host 3.1.100.168.ips.backscatterer.org > 3.1.100.168.ips.backscatterer.org has address 127.0.0.2 $ > host 7.1.100.168.ips.backscatterer.org > 7.1.100.168.ips.backscatterer.org has address 127.0.0.2 > > so if one uses this list, then > - use a whitelist (dnswl and possibly local WL) > - use it in smtpd_data_restrictions to avoid blocking SAV > sources. while you may hate SAV, it's different than backscatter. > >
I do whitelist one of our backscatterers, since it's our Defence department. As it happens, it seems all of the backscatter I've trapped from them *is* backscatter, because they're bounces to non-existent addresses or evident spam messages. But I accept it all from them just in case. And yes, my restriction is in smtpd_data_restrictions, as shown in the original message I linked to. Frankly, I'm not that fussed about blocking potential bounces from list mail. Also, if I were running an ISP rather than a corporate email system, I probably wouldn't use this RBL. I do wish there were a slightly less problematic one - ie. one that would respond promptly to requests for removal without gouging 50 euro, and which didn't care so much about SAV - but I don't think it's *that* problematic. Our main source of spam that was getting through our header checks was from backscatter, and since I've instituted the RBL, it has entirely gone. Only a couple of hundred or so messages a day currently, but it makes a difference to our end-users, some of whom were disproportionally affected by the problem (we have a tag-and-forward content scanner, and some of these individuals were having to review and discard hundreds of messages a week).
