Stan Hoeppner wrote:
Randy put forth on 3/24/2010 3:55 PM:
dig -x 208.43.143.111
;; ANSWER SECTION:
111.143.43.208.in-addr.arpa. 3600 IN PTR 208.43.143.111-static.reverse.softlayer.com.
Your problem isn't the Exchange server per se. Your problem is that you're
forwarding spam to it, and its anti-spam software is better than that on
your Postfix server, which causes the backscatter. Almost any mail coming
to you from Softlayer IP space is going to be spam, most likely snowshoe.
Softlayer is a generic ISP/COLO outfit with tons of resellers and terrible
(nonexistent) customer vetting. They have few, if any, legit email sending
customers. As you can see I've extensively SMTP blocked Softlayer over the
years. I suggest you do the same.
# Softlayer, Dallas 10/10/2008
66.228.112.0/20 REJECT
67.228.0.0/16 REJECT
74.86.0.0/16 REJECT
208.43.0.0/16 REJECT
174.36.0.0/15 REJECT
75.126.0.0/16 REJECT
173.192.0.0/15 REJECT
Beef up the anti spam capabilities on your Postfix server and this problem
will go away. Either that or tell the Exchange admin to silently
drop/discard/eat the spam instead of rejecting it back upstream. The former
is the preferable route, the latter the lazy route.
Agreed that most if not all is spam; however, I do not want to accept
the mail, period, much less accept it, then scan/mark it and then drop
it. The reason I mark spam then drop into a specified user's folder is so
that a user can review as needed. In fact, we send out reminders to users
to look through their spam folders for these false positives. Also, it
appears that Exchange is rejecting the mail and not accepting, scanning
then bouncing. It appears that Exchange uses some other criteria to
check sender domain or that it does additional checks and simply
rejects with that message. I do realize that I could set up something
where we accept the mail to these domains, scan it then drop the email
if it is tagged as spam. What about the mail that passes the content
scanning? And what happens when this particular mail gets through and
they send 1 million? Is it not better to drop/reject mail at the smtpd
level, which would free resources and not allow specifically crafted mail
to even enter the content filter?
I think I have come to the conclusion that I need to contact their ISP
and ask that they turn these checks off and allow us to filter as
necessary. However, I would still like to reject before we send it over
to the spam software, as it appears Exchange has the means to catch these
and Postfix does not, or I cannot find a setting.
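
The following is an added example, not part of either poster's message or configuration. It assumes the network list quoted above is kept as an ordered "network action" table of the kind Postfix reads as a cidr: map, lints each entry for stray host bits, and shows which entry would match the client address from the dig output. The function names parse_table and lookup are hypothetical.

```python
import ipaddress

# Table lines copied from the post above, in "network action" layout.
TABLE = """\
# Softlayer, Dallas 10/10/2008
66.228.112.0/20 REJECT
67.228.0.0/16 REJECT
74.86.0.0/16 REJECT
208.43.0.0/16 REJECT
174.36.0.0/15 REJECT
75.126.0.0/16 REJECT
173.192.0.0/15 REJECT
"""

def parse_table(text):
    """Return (rules, errors); rules is an ordered list of (network, action)."""
    rules, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        parts = line.split(None, 1)
        if len(parts) != 2:
            errors.append((lineno, "missing action"))
            continue
        try:
            # strict=True refuses entries with host bits set, e.g. 174.37.0.0/15,
            # a typo that would silently cover a different range than intended.
            net = ipaddress.ip_network(parts[0], strict=True)
        except ValueError as exc:
            errors.append((lineno, str(exc)))
            continue
        rules.append((net, parts[1]))
    return rules, errors

def lookup(rules, client_ip):
    """First matching rule wins, in file order; (None, None) when nothing matches."""
    addr = ipaddress.ip_address(client_ip)
    for net, action in rules:
        if addr in net:
            return action, net
    return None, None

if __name__ == "__main__":
    rules, errors = parse_table(TABLE)
    print("lint errors:", errors)
    # Client address from the dig -x output quoted in the thread.
    print(lookup(rules, "208.43.143.111"))
```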