Re: Stopping backscatter spam to a specific domain

Sun, 11 Jul 2021 12:13:59 -0700

See http://www.postfix.org/DEBUG_README.html#mail, which describes how best to get useful help here.
Actual log excerpts, sample messages related to that logging, and 'postconf -n' output would help a great deal in understanding your problem. 


In general, you only can fully fix backscatter (i.e. bounce emails) that 
your mail system generates. If you never reject mail after you have 
accepted it in SMTP, you will never generate backscatter. If you are not 
verifying forward deliverability at SMTP RCPT time or are doing content 
filtering asynchronously rather than before sending the end-of-data 
reply, you will generate backscatter that you will suffer for an should 
fix before the damage becomes worse than just one domain shunning you.




On 2021-07-11 at 14:35:11 UTC-0400 (Sun, 11 Jul 2021 11:35:11 -0700)
Ron Garret <r...@flownet.com>
is rumored to have said:


On Jul 11, 2021, at 10:12 AM, Wietse Venema <wie...@porcupine.org> 
wrote:



Ron Garret:
[ Charset windows-1252 converted... ]



On Jul 11, 2021, at 9:58 AM, Wietse Venema <wie...@porcupine.org> 
wrote:



Ron Garret:

I have recently come under a backscatter spam attack from one
specific domain.  This domain has blacklisted my server?s IP
address, and so bounce replies sent to this domain are piling up

in my mail queue and I have to go through periodically and 
manually

delete them.  I don?t want to disable bounce messages in general

because I don?t want incoming messages with typos in the 
destination

address to just vanish into the cosmic void.  Is there a way to
disable bounce replies for a specific domain?


Why is your server sending bounces (or any other email) to that
domain?



Because spammers are sending messages with forged return-path 
headers to invalid addresses on my server.  It?s called backscatter:


You must reject mail for invalid recipient addresses. Otherwise,
you deserve by 100% the problem that you experience.


AFAIK, I am:

smtpd_recipient_restrictions =
  reject_unauth_pipelining,
  reject_non_fqdn_recipient,
  reject_unknown_recipient_domain,
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination,
  permit


The problem is that a rejected recipient produces a mailer-daemon 
reply.


rg



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire






















					Reply via email to