On 10/26/2014 8:01 AM, Isaac Grover wrote:
> Good morning all,
>
> It seems that blocking backscatter is an issue that plenty of folks
> are talking about but working solutions are vague and rare. Our
> single MTA running Postfix 2.11.0 does an okay job at blocking spam,
> but backscatter is a known problem that we were made aware of when
> Gmail was rate limiting mail forwarded from our server.

It's unclear if you're referring to your server as a source of backscatter -- thus getting blacklisted -- or a victim of backscatter, also called a joe-job.

If you're the source -- meaning you're sending out postmaster notices of undeliverable mail -- don't accept undeliverable mail. In particular, don't use wildcard rewrites in virtual or canonical tables, and don't accept mail for non-existent users.

If you're the victim -- you're receiving non-delivery notices for mail that didn't originate from your server -- the header checks examples in the postfix BACKSCATTER_README are safe and fairly effective. Of course you have to adjust them for your own domain.
http://www.postfix.org/BACKSCATTER_README.html

If you need more help or don't understand the examples, you'll need to provide more details, including log entries.

  -- Noel Jones

>
> Other than cryptic header checks and the guide at
> http://www.backscatterer.org/?target=usage which appears to have
> blocked legitimate mail when we implemented it, are there any
> working configurations that successfully reject/drop backscatter
> spam? Shown below is our postconf -n.
>
>
> [root@mail ~]# uname -a
> Linux [REMOVED] 2.6.32-431.23.3.el6.x86_64 #1 SMP Thu Jul 31 17:20:51 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
> [root@mail ~]# postconf -d | grep mail_version
> mail_version = 2.11.0
> milter_macro_v = $mail_name $mail_version
> [root@mail ~]# postconf -n
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = amavisfeed:[127.0.0.1]:10024
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/lib/postfix
> debug_peer_level = 2
> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
> dovecot_destination_recipient_limit = 1
> html_directory = no
> inet_interfaces = all
> inet_protocols = ipv4
> mail_owner = postfix
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> message_size_limit = 30720000
> milter_default_action = accept
> mydestination = $myhostname, localhost, localhost.localdomain, localhost.$mydomain
> myhostname = mail.qcshosting.net
> mynetworks = 127.0.0.0/8, [REMOVED]/32
> newaliases_path = /usr/bin/newaliases.postfix
> non_smtpd_milters = $smtpd_milters
> policyd-spf_time_limit = 3600s
> postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
> postscreen_blacklist_action = drop
> postscreen_dnsbl_action = enforce
> postscreen_dnsbl_sites = zen.spamhaus.org*3 b.barracudacentral.org*3 bl.spameatingmonkey.net*2 bl.spamcop.net*2 dnsbl.sorbs.net*2 db.wpbl.info*2 all.rbl.jp ix.dnsbl.manitu.net dnsrbl.swinog.ch spamtrap.trblspam.com swl.spamhaus.org*-4
> postscreen_dnsbl_threshold = 3
> postscreen_greet_action = enforce
> postscreen_greet_banner =
> proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
> sample_directory = /usr/share/doc/postfix-2.6.6/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtpd_banner = $myhostname ESMTP $mail_name
> smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client, reject_unknown_reverse_client_hostname, permit
> smtpd_data_restrictions = reject_unauth_pipelining
> smtpd_delay_reject = yes
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname, permit
> smtpd_milters = inet:127.0.0.1:8891
> smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_recipient_domain, check_client_access hash:/etc/postfix/rbl_override_whitelist, check_policy_service unix:private/policyd-spf
> smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_type = dovecot
> smtpd_sender_login_maps = $virtual_mailbox_maps
> smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_authenticated_sender_login_mismatch, permit
> smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
> smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
> smtpd_tls_security_level = may
> smtpd_use_tls = yes
> strict_rfc821_envelopes = yes
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwarders.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
> virtual_gid_maps = static:5000
> virtual_mailbox_base = /home/vmail
> virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
> virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
> virtual_transport = dovecot
> virtual_uid_maps = static:5000
> [root@mail ~]#
>
>
> Isaac Grover
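
An added example, not part of the original thread: a small Python audit for the two source-side risks named in the reply above (wildcard keys in virtual or canonical tables, and accepting mail for non-existent users). The sample table, sample settings and function names are constructed for illustration; the table parser assumes a text-format lookup table, so for SQL-backed maps the same key check would be run against the stored rows.

```python
# Parameter values (as printed by "postconf -n") that make Postfix accept
# recipients it cannot deliver to, so the failure becomes a bounce later.
RISKY = {"local_recipient_maps": "", "smtpd_reject_unlisted_recipient": "no"}

def logical_lines(text):
    """Yield logical lines: skip blanks and '#' comments, and join
    continuation lines (lines that start with whitespace)."""
    entry = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entry is not None:
            entry += " " + raw.strip()
        else:
            if entry is not None:
                yield entry
            entry = raw.strip()
    if entry is not None:
        yield entry

def catch_all_keys(table_text):
    """Return (key, value) pairs whose key is '@domain'. Such a key matches
    every address in the domain, so unknown users are accepted at SMTP time."""
    found = []
    for line in logical_lines(table_text):
        parts = line.split(None, 1)
        if parts[0].startswith("@"):
            found.append((parts[0], parts[1] if len(parts) > 1 else ""))
    return found

def risky_settings(postconf_text):
    """Return names of parameters set to a value listed in RISKY."""
    params = {}
    for line in logical_lines(postconf_text):
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return [name for name, bad in RISKY.items() if params.get(name) == bad]

# Constructed sample inputs (not taken from the thread).
SAMPLE_VIRTUAL = """\
# virtual alias table
postmaster@example.com   admin@example.com
sales@example.com        alice@example.com,
    bob@example.com
@example.com             catchall@example.com
"""
SAMPLE_POSTCONF = "local_recipient_maps =\nsmtpd_reject_unlisted_recipient = no\n"

if __name__ == "__main__":
    print(catch_all_keys(SAMPLE_VIRTUAL))
    print(risky_settings(SAMPLE_POSTCONF))
```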