Good morning all,

It seems that blocking backscatter is an issue that plenty of folks are talking about, but working solutions are vague and rare. Our single MTA running Postfix 2.11.0 does an okay job at blocking spam, but backscatter is a known problem that we were made aware of when Gmail was rate limiting mail forwarded from our server.
Other than cryptic header checks and the guide at http://www.backscatterer.org/?target=usage, which appears to have blocked legitimate mail when we implemented it, are there any working configurations that successfully reject/drop backscatter spam? Shown below is our postconf -n.

[root@mail ~]# uname -a
Linux [REMOVED] 2.6.32-431.23.3.el6.x86_64 #1 SMP Thu Jul 31 17:20:51 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
[root@mail ~]# postconf -d | grep mail_version
mail_version = 2.11.0
milter_macro_v = $mail_name $mail_version
[root@mail ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
dovecot_destination_recipient_limit = 1
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 30720000
milter_default_action = accept
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$mydomain
myhostname = mail.qcshosting.net
mynetworks = 127.0.0.0/8, [REMOVED]/32
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
policyd-spf_time_limit = 3600s
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = drop
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org*3 b.barracudacentral.org*3 bl.spameatingmonkey.net*2 bl.spamcop.net*2 dnsbl.sorbs.net*2 db.wpbl.info*2 all.rbl.jp ix.dnsbl.manitu.net dnsrbl.swinog.ch spamtrap.trblspam.com swl.spamhaus.org*-4
postscreen_dnsbl_threshold = 3
postscreen_greet_action = enforce
postscreen_greet_banner =
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client, reject_unknown_reverse_client_hostname, permit
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname, permit
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_recipient_domain, check_client_access hash:/etc/postfix/rbl_override_whitelist, check_policy_service unix:private/policyd-spf
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = $virtual_mailbox_maps
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_authenticated_sender_login_mismatch, permit
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
smtpd_tls_security_level = may
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwarders.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = dovecot
virtual_uid_maps = static:5000
[root@mail ~]#

Isaac Grover