Got it. Thanks again for helping me out. I'm still learning. So it seems I need to figure out how to stop the backscatter process at step 6 and NOT return the bounce to the original sender. I went through my log looking for an entire process like you described. I think I found one:

Oct 18 18:22:36 carbonfiber postfix/smtpd[16152]: connect from unknown[117.199.192.62]
Oct 18 18:22:39 carbonfiber postfix/smtpd[16152]: 7B3CC1042340: client=unknown[117.199.192.62]
Oct 18 18:22:41 carbonfiber postfix/cleanup[16169]: 7B3CC1042340: message-id=<000701cb6f2c$2b3e2bd0$42c5b...@procom.ca>
Oct 18 18:22:41 carbonfiber postfix/qmgr[18644]: 7B3CC1042340: from=<genevievegentr...@procom.ca>, size=969, nrcpt=1 (queue active)
Oct 18 18:22:42 carbonfiber postfix/smtpd[16152]: disconnect from unknown[117.199.192.62]
Oct 18 18:22:42 carbonfiber postfix/smtp[16187]: 7B3CC1042340: to=<myauntsacco...@cox.net>, orig_to=<mya...@familyname.com>, relay=mx.east.cox.net[68.1.17.3]:25, delay=4.5, delays=2.9/0/1.3/0.33, dsn=5.2.0, status=bounced (host mx.east.cox.net[68.1.17.3] said: 552 5.2.0 LRNh1f01430Aua001RNica Message Rejected - Error Code: URLBL011 - Refer to Error Codes section at http://postmaster.cox.net/confluence/display/postmaster/Error+Codes for more information. (in reply to end of DATA command))
Oct 18 18:22:42 carbonfiber postfix/cleanup[16195]: EC17E10423F3: message-id=<20101019012242.ec17e1042...@carbonfiber.familyname.com>
Oct 18 18:22:42 carbonfiber postfix/bounce[16214]: 7B3CC1042340: sender non-delivery notification: EC17E10423F3
Oct 18 18:22:42 carbonfiber postfix/qmgr[18644]: EC17E10423F3: from=<>, size=3479, nrcpt=1 (queue active)
Oct 18 18:22:42 carbonfiber postfix/qmgr[18644]: 7B3CC1042340: removed
Oct 18 18:22:43 carbonfiber postfix/smtp[16185]: certificate verification failed for procommail.procom.ca[216.138.225.134]:25: untrusted issuer /C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1
Oct 18 18:22:43 carbonfiber postfix/smtp[16185]: EC17E10423F3: to=<genevievegentr...@procom.ca>, relay=procommail.procom.ca[216.138.225.134]:25, delay=1, delays=0.03/0/0.68/0.3, dsn=5.0.0, status=bounced (host procommail.procom.ca[216.138.225.134] said: 550 No such user (genevievegentr...@procom.ca) (in reply to RCPT TO command))
Oct 18 18:22:44 carbonfiber postfix/qmgr[18644]: EC17E10423F3: removed

The instructions at http://www.postfix.org/BACKSCATTER_README.html seem to only address what to do if MY server is the one being forged. In the above example, it seems that procom.ca is being forged. How should I configure my Postfix installation so that I'm not sending the spam back to the innocent sender?

Let me know if you need me to post my postconf -n again.

Thanks,
Steve

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Wietse Venema
Sent: Monday, October 18, 2010 12:07 PM
To: Postfix users
Subject: Re: Fighting Backscatter

> 1) SpamCo forges a message from innoc...@victim.com and sends it to
> mya...@familyname.com
>
> 2) My server (familyname.com) accepts the message because
> mya...@familyname is a valid recipient that appears in my virtual
> aliases file, then forwards the message (based on the info in that
> virtual aliases file) to my aunt's actual email address of
> auntiemildredloveskitt...@cox.net

3) YOUR SERVER tries to forward the SPAM to Cox.
4) Cox rejects the SPAM.
5) The SPAM is still on YOUR SERVER.
6) YOUR SERVER "returns" the SPAM to an innocent person.
7) YOUR SERVER is blacklisted because it sends backscatter.

Wietse
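
One way to find this pattern in a mail log, as an added example that is not part of the original thread: the script links each bounce notification to the message that triggered it through the "sender non-delivery notification" line, then reports the notifications that were addressed to a non-local domain. The sample log is constructed, and LOCAL_DOMAINS, find_backscatter and the example domains are assumptions; it expects short hexadecimal queue IDs and one recipient per message.

```python
import re

LOCAL_DOMAINS = {"family.example"}  # assumption: domains this server hosts
# Constructed sample in Postfix syslog format; not the log from the post.
SAMPLE_LOG = """\
Oct 18 18:22:39 mx postfix/smtpd[100]: A1B2C3D4E5: client=unknown[192.0.2.10]
Oct 18 18:22:41 mx postfix/qmgr[200]: A1B2C3D4E5: from=<forged@victim.example>, size=969, nrcpt=1 (queue active)
Oct 18 18:22:42 mx postfix/smtp[300]: A1B2C3D4E5: to=<aunt@isp.example>, orig_to=<aunt@family.example>, relay=mx.isp.example[198.51.100.3]:25, dsn=5.2.0, status=bounced (552 5.2.0 Message Rejected)
Oct 18 18:22:42 mx postfix/bounce[400]: A1B2C3D4E5: sender non-delivery notification: F6E7D8C9B0
Oct 18 18:22:42 mx postfix/qmgr[200]: F6E7D8C9B0: from=<>, size=3479, nrcpt=1 (queue active)
Oct 18 18:22:43 mx postfix/smtp[500]: F6E7D8C9B0: to=<forged@victim.example>, relay=mail.victim.example[198.51.100.9]:25, dsn=5.0.0, status=bounced (550 No such user)
Oct 18 18:30:01 mx postfix/qmgr[200]: 1122334455: from=<steve@family.example>, size=500, nrcpt=1 (queue active)
Oct 18 18:30:02 mx postfix/smtp[300]: 1122334455: to=<bob@isp.example>, relay=mx.isp.example[198.51.100.3]:25, dsn=5.1.1, status=bounced (550 No such user)
Oct 18 18:30:02 mx postfix/bounce[400]: 1122334455: sender non-delivery notification: 66778899AA
Oct 18 18:30:03 mx postfix/local[600]: 66778899AA: to=<steve@family.example>, relay=local, dsn=2.0.0, status=sent (delivered to mailbox)
"""

# daemon name, queue ID, remainder of the record
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)")

def find_backscatter(log_text, local_domains=LOCAL_DOMAINS):
    """Return one record per bounce notification sent to a non-local domain."""
    msgs = {}    # queue ID -> client / sender / recipient seen for it
    parent = {}  # notification queue ID -> queue ID of the bounced message
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # connect/disconnect and TLS lines carry no queue ID
        daemon, qid, rest = m.groups()
        info = msgs.setdefault(qid, {})
        if daemon == "smtpd" and rest.startswith("client="):
            info["client"] = rest[len("client="):]
        elif daemon == "qmgr" and rest.startswith("from=<"):
            info["from"] = rest[6:rest.index(">")]
        elif daemon == "bounce" and "non-delivery notification: " in rest:
            parent[rest.rsplit(" ", 1)[1]] = qid
        elif rest.startswith("to=<"):
            info["to"] = rest[4:rest.index(">")]
    hits = []
    for dsn, orig in parent.items():
        rcpt = msgs.get(dsn, {}).get("to", "")
        if rcpt and rcpt.rpartition("@")[2].lower() not in local_domains:
            hits.append({"original": orig, "dsn": dsn, "dsn_rcpt": rcpt,
                         "client": msgs[orig].get("client"), "sender": msgs[orig].get("from")})
    return hits

if __name__ == "__main__":
    for hit in find_backscatter(SAMPLE_LOG):
        print(hit)
```

Each reported record names the connecting client and the envelope sender of the message whose bounce left the server, which is the pair to review when deciding whether that mail should have been accepted for forwarding.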