On 2/22/2010 12:59 PM, Cameron Camp wrote:
Forgive me if this has been asked (or point me thusly):
My postfix box is getting e-mails where dirtbagspam...@whatever.com
sends to someothercrapaddr...@whereverelse.com and uses a valid e-mail
address on my server for the return, so I get a non-delivery e-mail from
the someothercrapaddr...@whateverelse.com mail server to the client
(virtual hosted) on my server. How can I block clients on my box from
getting these e-mails or discard these automatically, will postfix do
this? Apparently the spammers just got a valid e-mail my client had
somewhere like on a website and just used it as a return address for the
spam operation, or are there other scenarios that would likely cause
this? My box isn't blacklisted, has the right RDNS, and isn't
open-relaying.
Best,
Cameron
That's called backscatter or outscatter or a joe-job.
http://en.wikipedia.org/wiki/Backscatter_%28e-mail%29
http://en.wikipedia.org/wiki/Joe_job
There isn't much you can do to stop spammers from doing this,
no more than you can stop me from walking down the street and
introducing myself as Cameron.
Publishing SPF records for your domain *may* make your domain
a less attractive target for a spammer to forge, but there's
not really any hard evidence for that claim.
http://www.openspf.org/
Here's an article on how to reject some of the bounces in postfix:
http://www.postfix.org/BACKSCATTER_README.html
SpamAssassin does a pretty good job of catching this type of
spam if you could add it to your server.
-- Noel Jones
