A fix that I recently applied for a backscatter problem.

Gmail is the example used below, but the problem and solution are not Gmail-specific.

The problem: Spam arrives for a user, gets past spam filter, is forwarded by receiving user to their Gmail address, gets a permanent rejection from Gmail, and bounces back to a forged sender, thus forming backscatter.

The fix:

- Identify error strings that Gmail returns to permanently reject spam.

- Use sender_dependent_default_transport_maps to route mail with empty sender to a 2nd instance of Postfix via SMTP.

- Use body_checks in 2nd instance of Postfix to match Gmail error strings mentioned above and discard matching mail.

Using a second Postfix instance was the only way I found of applying body_checks only to bounced mail and to no other mail.

There is a second problem for which the fix is not so elegant. If Gmail detects spam but returns a temporary error, the spam will remain in the queue until its lifetime expires. The only way I found of dealing with this is to run a cron job that does 'mailq', finds Gmail spam-bounce messages, and calls postsuper -d to delete those queue-ids.

(The most ironic instance of the above second problem occurs when Gmail itself originates spam, which is forwarded by a recipient to their Gmail address, and then when it is forwarded back to Gmail, it is rejected by Gmail with a temporary error.)

RFC IDEA

Anybody interested, please propose spam-specific error codes for SMTP and draft an RFC. Then any site rejecting mail as spam would use those error codes, and allow sending sites to handle those bounces differently from other non-spam bounces. The closest I can find is

  X.7.1 Delivery not authorized, message refused

which is quite vague.

Rahul
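
The cron job described above for the temporary-error case could be written as follows; this is an added example, not the poster's own script. `EXAMPLE-SPAM-DEFERRAL-TEXT` is a placeholder for the deferral text identified at your site, the function names are hypothetical, and the sample queue listing is constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Placeholder: replace with the temporary-error text you identified.
SPAM_DEFER_TEXT='EXAMPLE-SPAM-DEFERRAL-TEXT'

# Read mailq output on stdin; print the queue ID of every deferred
# message whose deferral reason contains the fixed string $1.
spam_deferred_ids() {
    PAT="$1" awk '
        # Entry header: queue ID (with * = active, ! = hold), size, date, sender.
        /^[0-9A-Za-z]+[*!]?[ \t]+[0-9]+[ \t]/ {
            id = $1
            if (id ~ /[*!]$/) id = ""    # leave active and held mail alone
            next
        }
        /^[ \t]*$/ { id = ""; next }     # blank line ends the entry
        # Deferral reason line, printed in parentheses under the header.
        /^[ \t]*\(/ && id != "" && index($0, ENVIRON["PAT"]) > 0 {
            print id
            id = ""                      # report each message once
        }
    '
}

# Constructed mailq output (hosts, addresses and queue IDs are made up).
sample_mailq() {
    cat <<'EOF'
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
A1B2C3D4E5     2345 Mon Jan  6 10:15:02  forged@example.net
(host mx.example.invalid[192.0.2.10] said: 421 EXAMPLE-SPAM-DEFERRAL-TEXT (in reply to end of DATA command))
                                         user@mailbox.example

B2C3D4E5F6     1200 Mon Jan  6 10:20:11  alice@example.org
(connect to mx.example.invalid[192.0.2.10]:25: Connection timed out)
                                         bob@mailbox.example

C3D4E5F6A7*    3100 Mon Jan  6 10:25:40  forged@example.net
(host mx.example.invalid[192.0.2.10] said: 421 EXAMPLE-SPAM-DEFERRAL-TEXT (in reply to end of DATA command))
                                         user@mailbox.example

-- 6 Kbytes in 3 Requests.
EOF
}

# Cron entry point: "--delete" removes matches from the live queue.
if [ "${1:-}" = "--delete" ]; then
    mailq | spam_deferred_ids "$SPAM_DEFER_TEXT" | postsuper -d -
else
    sample_mailq | spam_deferred_ids "$SPAM_DEFER_TEXT"   # dry run on the sample
fi
```

Run without arguments it only lists the matching ID from the constructed sample; with `--delete` (as root, from cron) it feeds the IDs to `postsuper -d -`, which reads queue IDs from standard input.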
