On Mon, 01 Jun 2009, jan gestre wrote:

> >>> I don't have anymore the logs from Postfix and I'm not sure if it
> >>> really is a backscatter problem, all I have right now is the
> >>> following:
> >>
> >> The message snippet is of no use. Can you post the full headers? That and
> >> a corresponding log entry should clear things up.
> >>
> >> From what you've said so far it sounds more likely to be a forged
> >> return-path/from, in which case adding and checking against spf records
> >> would solve your issue.
> >>
> > I want to post here the complete message with headers but problem is
> > it will take a while, I'm several kilometers away from this office and
> > the on-site support guy still has not sent the message headers I've
> > asked for.
>
> sample header:
>
> Received: from 55.Red-88-7-191.staticIP.rima-tde.net
> (55.Red-88-7-191.staticIP.rima-tde.net [88.7.191.55])

Consider blocking at SMTP with the zen.spamhaus.org RBL.

> by mail.example.com (Postfix) with ESMTP id 9DEC4148041
> for <jmgar...@example.com>; Mon, 1 Jun 2009 08:58:53 +0800 (PHT)
> Message-ID:
> <365683314256959.dtwibjscpdre...@55.red-88-7-191.staticip.rima-tde.net>
> From: "Jeanine" <jmgar...@example.com>
> To: jmgar...@example.com
> Subject: Check it now
> MIME-Version: 1.0
> Content-Type: text/html; charset="ISO-8859-1"
> Content-Transfer-Encoding: 7bit
> Date: Mon, 1 Jun 2009 08:58:53 +0800 (PHT)
>
> The received from ip address is obviously not the company's real ip
> address, and we have lots of emails like this.

You omitted Return-Path:, but it probably matches the email address in the
From: header. If so, this is not backscatter at all. It is a typical
spammer tactic of sending email with sender equal to recipient. See
archives of this mailing list on how to prevent external (or untrusted)
IPs/senders from using your domain name(s) in the envelope from. Also note
the unintended consequences (also previously discussed on this list) of
taking such preventive action.

-- 
Sahil Tandon <sa...@tandon.net>
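
A triage check for the pattern this reply describes (a local-domain sender arriving from an untrusted client IP, with sender equal to recipient), as an added example that is not part of the original thread. `TRUSTED_NETS`, `LOCAL_DOMAINS`, the function names and the mailbox `user@example.com` are assumptions; the sample message is constructed from the quoted header, and the check falls back to From: when Return-Path: is absent.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Assumption: networks allowed to send as our domain (stand-in for Postfix mynetworks).
TRUSTED_NETS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("192.0.2.0/24")]
LOCAL_DOMAINS = {"example.com"}  # assumption: domains we are final destination for

# Constructed sample modelled on the quoted header; the mailbox name is a placeholder.
SAMPLE = """\
Received: from 55.Red-88-7-191.staticIP.rima-tde.net
\t(55.Red-88-7-191.staticIP.rima-tde.net [88.7.191.55])
\tby mail.example.com (Postfix) with ESMTP id 9DEC4148041
\tfor <user@example.com>; Mon, 1 Jun 2009 08:58:53 +0800 (PHT)
From: "Jeanine" <user@example.com>
To: user@example.com
Subject: Check it now

body
"""

def client_ip(msg):
    """Client IP our own MTA recorded in the topmost Received: header, or None."""
    received = msg.get_all("Received") or []
    m = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", received[0]) if received else None
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:
        return None

def classify(raw):
    """Return 'forged-self', 'forged-local-sender' or 'ok' for one raw message."""
    msg = email.message_from_string(raw)
    # Return-Path: carries the envelope sender when present; otherwise use From:.
    sender = parseaddr(msg.get("Return-Path") or msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    ip = client_ip(msg)
    local_sender = sender.rpartition("@")[2] in LOCAL_DOMAINS
    # An unknown origin is treated as untrusted.
    trusted = ip is not None and any(ip in net for net in TRUSTED_NETS)
    if local_sender and not trusted:
        return "forged-self" if sender == rcpt else "forged-local-sender"
    return "ok"

if __name__ == "__main__":
    print(classify(SAMPLE))
```

Legitimate users who send as the local domain from outside the trusted networks would be flagged by the same rule, which is the kind of unintended consequence the reply warns about.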