Simon:
> We are using postfix with debian lenny...
>
>
> We are receiving what appears to be backscatter from spam that is using a
> valid address in the Return Path. I have included an example of the header
> info from one of the spam messages below. The _From_ and _To_ addresses just
> seem to be random and are not related to us in any way. Does anyone know how
> to block this sort of backscatter?
>
>
> Original message headers:

Safe suggestion: if there is any information in the header or body
content that appears to be common between spam messages, then you
can use a header_checks or body_checks HOLD action and freeze the
mail in the queue, then clean it up later.

Not-so-safe suggestion: defer all bounces for the affected address.

Untested example:

/etc/postfix/main.cf
    restriction_classes = defer-bounce
    defer-bounce = check_sender_access hash:/etc/postfix/mail_access
    smtpd_recipient_restrictions =
        permit_mynetworks
        ...
        reject_unauth_destination
        check_recipient_access hash:/etc/postfix/rcpt_access
        ...

/etc/postfix/rcpt_access:
    [email protected]    defer-bounce

/etc/postfix/mail_access:
    <>                  defer this recipient is receiving too many bounces
    mailer-daemon@      defer this recipient is receiving too many bounces
    postmaster@         defer this recipient is receiving too many bounces

	Wietse

>
>
> Return-Path: <soa@* <[email protected]>*[ourdomain.actual.domain]**>
> Received: from 195-191-72-102.optolan.net.ua (unknown [195.191.72.102])
> by smtp-0.counselschambers.com.au (Postfix) with ESMTP id
> 1D400396B7E
> for <[email protected]>; Wed, 2 Feb 2011 08:28:43 +1100
> (EST)
> From: [email protected]
> To: <[email protected]>
> Subject: Position opening in your area
> MIME-Version: 1.0
> Importance: High
> Content-Type: text/html
> Message-ID: <[email protected]>
> Date: Wed, 2 Feb 2011 08:28:43 +1100
>
> Thanks
>
> Simon
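
A simplified model of the two-table lookup from the reply above, added here as an illustration; it is not Postfix code and not part of the original thread. It assumes `user@example.com` as a stand-in for the affected address, models only the `user@domain`, `domain`, `user@` key order from access(5) (no parent-domain matching), and shows that every null-sender bounce to the flagged recipient is deferred, genuine ones included.

```python
# Simplified model of the restriction-class lookup (not Postfix code).
# Table contents are constructed; user@example.com is a placeholder address.
RCPT_ACCESS = {"user@example.com": "defer-bounce"}   # check_recipient_access
MAIL_ACCESS = {                                      # check_sender_access
    "<>": "defer",
    "mailer-daemon@": "defer",
    "postmaster@": "defer",
}
RESTRICTION_CLASSES = {"defer-bounce": MAIL_ACCESS}
NULL_SENDER_KEY = "<>"   # Postfix default for smtpd_null_access_lookup_key


def lookup_keys(address):
    """Keys tried for an address: user@domain, then domain, then user@."""
    address = address.strip().strip("<>").lower()
    if not address:
        return [NULL_SENDER_KEY]          # empty envelope sender (a bounce)
    local, _, domain = address.rpartition("@")
    return [address, domain, local + "@"]


def access(table, address):
    """First matching key wins; None means no match (continue evaluating)."""
    for key in lookup_keys(address):
        if key in table:
            return table[key]
    return None


def decide(sender, recipient):
    """Return 'defer' or 'continue' for one MAIL FROM / RCPT TO pair."""
    action = access(RCPT_ACCESS, recipient)
    if action in RESTRICTION_CLASSES:
        # Recipient is flagged, so the class (the sender table) is evaluated.
        if access(RESTRICTION_CLASSES[action], sender) == "defer":
            return "defer"
    return "continue"


if __name__ == "__main__":
    # Constructed envelope pairs: (MAIL FROM, RCPT TO).
    samples = [
        ("<>", "user@example.com"),
        ("MAILER-DAEMON@mx.example.net", "user@example.com"),
        ("alice@example.org", "user@example.com"),
        ("<>", "other@example.com"),
    ]
    for sender, rcpt in samples:
        print(f"{sender:32} -> {rcpt:20} {decide(sender, rcpt)}")
```
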