On 11.06.2010 19:31, Jeroen Geilman wrote:
> On 06/11/2010 04:40 PM, motty.cruz wrote:
>>
>> *From:* owner-postfix-us...@postfix.org
>> [mailto:owner-postfix-us...@postfix.org] *On Behalf Of *Jeroen Geilman
>> *Sent:* Thursday, June 10, 2010 4:02 PM
>> *To:* postfix-users@postfix.org
>> *Subject:* Re: how to stop backscatter without check headers
>>
>> On 06/11/2010 12:44 AM, motty.cruz wrote:
>>
>> Is there a best way to stop backscatter spam without using check
>> headers? Traffic is too heavy to use check headers + we received
>> email for three different domains.
>>
>> Using postfix 2.6.
>>
>> Thanks,
>>
>> motty
>>
>> To stop backscatter spam, don't accept mail you cannot deliver.
>>
>> That is a very smart answer, please pardon my stupidity.
>>
>> Header_checks are trivially spoofed.
>>
>> J.
>>
>> Spammers spoof the “from” and gets redirected to “user” in my domain?
>> How do you fight that?
>>
>
> I don't understand what you mean.
> If spammers spoof the envelope sender, header_checks will not help you.
> If spammers spoof the sender header, well, postfix doesn't look at From:
> headers.
>
> J.
>
>> From: Mail Delivery Subsystem [mailto:mailer-dae...@smtp.newsguy.com]
>>
>> Sent: Thursday, June 10, 2010 1:28 AM
>>
>> To: u...@obscure.com
>>
>> Subject: Returned mail: see transcript for details
>>
>> The original message was received at Thu, 10 Jun 2010 01:28:19 -0700
>> (PDT) from [124.217.198.141]
>>
>> ----- The following addresses had permanent fatal errors -----
>> <eri...@newsguy.com>
>>
>> (reason: Can't create output)
>>
>> ----- Transcript of session follows ----- 550 5.0.0
>> <eri...@newsguy.com>... Can't create output
>>
>
hi,

you can do it like this, but think and analyse your logs and setup
before, don't simply copy and paste

i.e.

smtpd_sender_restrictions =
    reject_unknown_sender_domain,
    reject_non_fqdn_sender,
    permit_mynetworks,
    check_sender_access hash:/etc/postfix/sender_backscatter_access,

---
/etc/postfix/sender_backscatter_access

Symantec_Mail_Security_for_SMTP@         backscatter
Gateway_SMTP@                            backscatter
Notify_nav_gateways@                     backscatter
<>                                       backscatter
postmaster@                              backscatter
MAILER-DAEMON@                           backscatter
devnull@                                 backscatter
MDaemon@                                 backscatter
imsspostmaster@                          backscatter
Administrator@                           backscatter
imss@                                    backscatter
majordomo@                               backscatter
symantec_antivirus_for_smtp_gateways@    backscatter
Mail_Security_for_SMTP@                  backscatter
FETCHMAIL-DAEMON@                        backscatter
NULL@                                    backscatter
------

smtpd_restriction_classes = ...., backscatter, ....

-----
from here you may use rbls and/or a list of your well known
backscattered recipients, or match it only to your daily backscatter
ips etc. Many combinations are possible; take care that they make
sense. Rejecting valid bounce mails, i.e. from <>, may lose you urgent
debug info.

backscatter =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_rbl_client zen.spamhaus.org,
    check_recipient_access hash:/etc/postfix/backscatter_recipient_access

Again attention, you should analyse your logs and setup to match a
setup like this to your needs

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria
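
Added example, not part of the original message or of Postfix: a dry run that counts how many logged envelope senders would hit the sender_backscatter_access table above before the class is enabled. The log lines are constructed samples, the function names are hypothetical, and the lookup order is a simplified version of the access(5) search (full address, domain, then "localpart@").

```python
import re
from collections import Counter

# Keys copied from the sender_backscatter_access table in the message above.
TABLE_KEYS = """Symantec_Mail_Security_for_SMTP@ Gateway_SMTP@
Notify_nav_gateways@ <> postmaster@ MAILER-DAEMON@ devnull@ MDaemon@
imsspostmaster@ Administrator@ imss@ majordomo@
symantec_antivirus_for_smtp_gateways@ Mail_Security_for_SMTP@
FETCHMAIL-DAEMON@ NULL@""".split()
# Assumption: matching is case-insensitive, because Postfix folds lookup
# keys to lower case for hash: tables.
KEYS = {k.lower() for k in TABLE_KEYS}

# Envelope sender as logged by qmgr when a message enters the active queue.
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: \w+: from=<([^>]*)>")

def matched_key(sender):
    """Return the table key an envelope sender would hit, or None."""
    sender = sender.lower()
    if sender == "":                      # null sender, i.e. a real bounce
        return "<>" if "<>" in KEYS else None
    local, _, domain = sender.rpartition("@")
    for key in (sender, domain, local + "@"):
        if key in KEYS:
            return key
    return None

def summarize(log_lines):
    """Count, per table key, how many logged senders would enter the class."""
    hits = Counter()
    for line in log_lines:
        m = FROM_RE.search(line)
        if m:
            hits[matched_key(m.group(1)) or "(no match)"] += 1
    return hits

# Constructed sample lines in Postfix syslog format, not real traffic.
SAMPLE_LOG = [
    "Jun 11 19:40:01 mx postfix/qmgr[2211]: 4A1B2C3D4E: from=<>, size=3120, nrcpt=1 (queue active)",
    "Jun 11 19:40:05 mx postfix/qmgr[2211]: 4A1B2C3D4F: from=<MAILER-DAEMON@mail.example.net>, size=2980, nrcpt=1 (queue active)",
    "Jun 11 19:40:09 mx postfix/qmgr[2211]: 4A1B2C3D50: from=<alice@example.org>, size=1500, nrcpt=1 (queue active)",
    "Jun 11 19:40:12 mx postfix/qmgr[2211]: 4A1B2C3D51: from=<Postmaster@example.com>, size=2100, nrcpt=1 (queue active)",
    "Jun 11 19:40:15 mx postfix/smtpd[2300]: connect from unknown[192.0.2.10]",
]

if __name__ == "__main__":
    for key, count in summarize(SAMPLE_LOG).most_common():
        print(f"{count:5d}  {key}")
```

Senders that show up under "<>" or "postmaster@" are the ones to review by hand, since those keys also cover legitimate bounces and postmaster mail.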