On 7/9/2010 13:27, Robert Schetterer wrote:
On 09.07.2010 12:51, Administrator Beckspaced.com wrote:
hello robert,
thanks a lot for your quick reply ...
actually it is not always the same IP or host sending the error bounces ...
the bounces are sent from hundreds of different IP addresses ...
any more ideas?
thanks for your help & fun
becki
below some logs you requested ... change the real email account to
spamu...@domain.com ->
Jul 8 12:20:27 gehirn postfix/smtpd[19857]: NOQUEUE: reject: RCPT from
crusty.hosts.net.nz[210.48.108.195]: 554 5.7.1<spamu...@domain.com>:
Recipient address rejected: Access denied; from=<>
to=<spamu...@domain.com> proto=SMTP helo=<crusty.hosts.net.nz>
Jul 8 12:22:08 gehirn postfix/smtpd[19859]: NOQUEUE: reject: RCPT from
mailx.nlabs.de[92.79.50.220]: 554 5.7.1<spamu...@domain.com>: Recipient
address rejected: Access denied; from=<> to=<spamu...@domain.com>
proto=SMTP helo=<mailx.nlabs.de>
Jul 8 12:22:48 gehirn postfix/smtpd[19854]: warning: 222.254.188.229:
address not listed for hostname localhost
Jul 8 12:23:28 gehirn postfix/smtpd[18358]: NOQUEUE: reject: RCPT from
port-87-234-220-121.static.qsc.de[87.234.220.121]: 554 5.7.1
<spamu...@domain.com>: Recipient address rejected: Access denied;
from=<> to=<spamu...@domain.com> proto=SMTP helo=<mforward>
Jul 8 12:26:22 gehirn postfix/smtpd[19854]: setting up TLS connection
from mail.aydin.edu.tr[212.174.169.8]
Jul 8 12:26:22 gehirn postfix/smtpd[19854]: TLS connection established
from mail.aydin.edu.tr[212.174.169.8]: TLSv1 with cipher
DHE-RSA-AES256-SHA (256/256 bits)
Jul 8 12:26:22 gehirn postfix/smtpd[19854]: NOQUEUE: reject: RCPT from
mail.aydin.edu.tr[212.174.169.8]: 554 5.7.1<spamu...@domain.com>:
Recipient address rejected: Access denied; from=<>
to=<spamu...@domain.com> proto=ESMTP helo=<Mailsrv.aydin.edu.tr>
Jul 8 12:27:57 gehirn postfix/smtpd[19850]: NOQUEUE: reject: RCPT from
svhqgtw02.ethiopianairlines.com[213.55.83.14]: 554 5.7.1
<spamu...@domain.com>: Recipient address rejected: Access denied;
from=<> to=<spamu...@domain.com> proto=SMTP
helo=<svhqgtw02.ethiopianairlines.com>
Jul 8 12:27:58 gehirn postfix/smtpd[18899]: NOQUEUE: reject: RCPT from
svhqgtw02.ethiopianairlines.com[213.55.83.14]: 554 5.7.1
<spamu...@domain.com>: Recipient address rejected: Access denied;
from=<> to=<spamu...@domain.com> proto=SMTP
helo=<svhqgtw02.ethiopianairlines.com>
Jul 8 12:28:27 gehirn postfix/smtpd[18358]: A565C150A7D:
client=relay02.is.co.za[196.35.6.70]
Jul 8 12:28:31 gehirn postfix/smtpd[20525]: 78BEC150A7F:
client=localhost[127.0.0.1]
Jul 8 12:28:35 gehirn postfix/smtpd[18899]: NOQUEUE: reject: RCPT from
mx2.lost-oasis.net[80.67.160.52]: 554 5.7.1<spamu...@domain.com>:
Recipient address rejected: Access denied; from=<>
to=<spamu...@domain.com> proto=SMTP helo=<mx2.lost-oasis.net>
Jul 8 12:29:23 gehirn postfix/smtpd[18899]: NOQUEUE: reject: RCPT from
defer114.ocn.ad.jp[122.28.15.169]: 554 5.7.1<spamu...@domain.com>:
Recipient address rejected: Access denied; from=<>
to=<spamu...@domain.com> proto=ESMTP helo=<defer114.ocn.ad.jp>
Jul 8 12:29:49 gehirn postfix/smtpd[19850]: E4B86150AE9:
client=unknown[184.154.34.69]
Jul 8 12:29:56 gehirn postfix/smtpd[20525]: 8B7F4150AF6:
client=localhost[127.0.0.1]
Jul 8 12:30:43 gehirn postfix/smtpd[19854]: NOQUEUE: reject: RCPT from
post.vrus.de[85.182.133.62]: 554 5.7.1<spamu...@domain.com>: Recipient
address rejected: Access denied; from=<>
On 7/9/2010 12:42, Robert Schetterer wrote:
On 09.07.2010 12:35, Administrator Beckspaced.com wrote:
hello there,
i'm running a postfix 2.4.6 on an opensuse box.
postfix has amavisd-new with spamassassin installed ...
since a few weeks one of my email accounts gets bombarded with thousands
of SPAM mailer daemon error bounces.
could not deliver message ... bla bla bla ...
it's getting really annoying as there are thousands of error bounces
coming in every single day.
looks like that the email address ended up on some SPAM mailing lists
... and now the mailbox receives all this error message junk
so ... what's the best strategy to get rid of this problem?
already had a quick look ... and the error bounces come in with an empty
<> from address ...
which seems to be standard for this ... and by default postfix doesn't
block empty from addresses <>
so what's the best thing to do to get rid of those thousand error email
bounces?
thing is that the customer urgently needs this email account as it is
signed up at many service providers.
could i do a header check for this single email account and reject the
empty from address <> for that email account only?
what are my options? what's the smartest thing to do??
thanks a lot for your help & service
with best regards
becki
if it is always the same host sending backscatter
simply block the host by access list and/or firewall
let's see some logs, there are many ways to deal with backscatter
please don't top post,
do they always have the same body?
or equal bodies which might be matched
with some body_checks
something like
main.cf:
body_checks = pcre:/etc/postfix/body_checks

/etc/postfix/body_checks:
/sunstarcasino\.net/ REJECT backscatter
no ... they don't always have equal message bodies ...
it's not always the same host ... it's thousands of different hosts and
IP addresses ..
but of course some message body could be the same ... e.g.
i'm sorry to inform you that your message could not get delivered ...
bla .. bla ... bla ...
still not sure how to fix this ... any more ideas?
best regards
becki
--
Beckspaced.com - WebDesign, Hosting & Solutions
CEO Becki Beckmann
Marienplatz 9
97353 Wiesentheid
Germany
Phone: 09383-425
P.O. Box 15
Thongsala
84280 Koh Phangan
Suratthani / Thailand
Phone: 077-377 733
Mobile: 087-2828826
----------------------------------------------
Optimism is only a lack of information!
----------------------------------------------
WebDesign & Hosting - http://beckspaced.com - Are You Beckspaced?
Phangan Independent News - http://kohphangannews.org - The Awful Truth!
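
Added example, not part of the original thread: a small log triage script that counts null-sender (`from=<>`) rejects for one recipient and how many distinct client IPs they come from, which is the measurement that decides whether a per-host access list or firewall block is workable. The log lines, hostnames, addresses and the recipient `user@example.com` are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample in the format of the smtpd log excerpt above
# (documentation IP ranges and example.* names, not real hosts).
SAMPLE_LOG = """\
Jul  8 12:20:27 mx postfix/smtpd[19857]: NOQUEUE: reject: RCPT from mta1.example.net[192.0.2.10]: 554 5.7.1 <user@example.com>: Recipient address rejected: Access denied; from=<> to=<user@example.com> proto=SMTP helo=<mta1.example.net>
Jul  8 12:22:08 mx postfix/smtpd[19859]: NOQUEUE: reject: RCPT from mta2.example.org[198.51.100.7]: 554 5.7.1 <user@example.com>: Recipient address rejected: Access denied; from=<> to=<user@example.com> proto=SMTP helo=<mta2.example.org>
Jul  8 12:22:48 mx postfix/smtpd[19854]: warning: 203.0.113.44: address not listed for hostname localhost
Jul  8 12:27:57 mx postfix/smtpd[19850]: NOQUEUE: reject: RCPT from gw.example.com[203.0.113.5]: 554 5.7.1 <user@example.com>: Recipient address rejected: Access denied; from=<> to=<user@example.com> proto=ESMTP helo=<gw.example.com>
Jul  8 12:27:58 mx postfix/smtpd[18899]: NOQUEUE: reject: RCPT from gw.example.com[203.0.113.5]: 554 5.7.1 <user@example.com>: Recipient address rejected: Access denied; from=<> to=<user@example.com> proto=ESMTP helo=<gw.example.com>
Jul  8 12:28:27 mx postfix/smtpd[18358]: A565C150A7D: client=relay.example.net[192.0.2.70]
Jul  8 12:29:01 mx postfix/smtpd[18358]: NOQUEUE: reject: RCPT from mta3.example.net[192.0.2.33]: 554 5.7.1 <user@example.com>: Recipient address rejected: Access denied; from=<someone@example.org> to=<user@example.com> proto=SMTP helo=<mta3.example.net>
Jul  8 12:29:30 mx postfix/smtpd[18358]: NOQUEUE: reject: RCPT from mta9.example.net[192.0.2.99]: 554 5.7.1 <other@example.com>: Recipient address rejected: Access denied; from=<> to=<other@example.com> proto=SMTP helo=<mta9.example.net>
"""

# One smtpd reject record: client host/IP, reply code, envelope sender, recipient.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>\S+)\[(?P<ip>[0-9A-Fa-f.:]+)\]: (?P<code>\d{3}) .*?"
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def null_sender_rejects(lines, rcpt):
    """Yield (ip, host) for rejected RCPTs to `rcpt` whose envelope sender is <>."""
    for line in lines:
        m = REJECT_RE.search(line)
        if m and m["sender"] == "" and m["rcpt"].lower() == rcpt.lower():
            yield m["ip"], m["host"]

def summarize(lines, rcpt):
    """Return (total rejects, distinct client IPs, share of the busiest IP)."""
    per_ip = Counter(ip for ip, _ in null_sender_rejects(lines, rcpt))
    total = sum(per_ip.values())
    top_share = per_ip.most_common(1)[0][1] / total if total else 0.0
    return total, len(per_ip), top_share

if __name__ == "__main__":
    total, sources, top = summarize(SAMPLE_LOG.splitlines(), "user@example.com")
    print(f"{total} null-sender rejects from {sources} IPs; busiest IP = {top:.0%}")
```

A high distinct-IP count with a low busiest-IP share is the pattern described in the thread, where the bounces arrive from many unrelated mail servers rather than one host.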