AW: Catch a forged Return Path

2021-02-06 Thread ludicree
Hi, >Does Plesk not give you access to the main.cf file? How do you configure >postfix at all? Plesk does rewrite the main.cf file (and possible others) upon changes in the GUI or updates. Not everything gets thrown out, but quite some lines revert to a Plesk default. It is not bad when it is

Re: Catch a forged Return Path

2021-02-06 Thread @lbutlr
On 06 Feb 2021, at 02:19, ludic...@gmail.com wrote: > but not sure how to implement that on a Plesk machine. Does Plesk not give you access to the main.cf file? How do you configure postfix at all? > To use the postscreen(8) service to block mail,

AW: Catch a forged Return Path

2021-02-06 Thread ludicree
Hi, >On 6/02/21 2:23 am, Matus UHLAR - fantomas wrote: >> while I support using postscreen, I'm not sure it would be able to >> catch backscatter, becsuse backscatter often comes from servers who >> properly follow SMTP RFCs. >The question here is whether this is really backscatter, or just spa

Re: Catch a forged Return Path

2021-02-06 Thread Nick Tait
On 6/02/21 2:23 am, Matus UHLAR - fantomas wrote: while I support using postscreen, I'm not sure it would be able to catch backscatter, becsuse backscatter often comes from servers who properly follow SMTP RFCs. The question here is whether this is really backscatter, or just spam taking adva

Re: Catch a forged Return Path

2021-02-05 Thread Matus UHLAR - fantomas
On 2021-02-04 09:08, ludic...@gmail.com wrote: new MS Azure Cloudapp Spam Wave these days. Just a few hosts, but a lot of Spam. There is a pattern there, they all use Return-Path: to disguise as a bounce and bypass any further checks. So the PCRE header check /^Return-Path: / REJECT For

Re: Catch a forged Return Path

2021-02-04 Thread Christian Kivalo
On 2021-02-04 09:08, ludic...@gmail.com wrote: Hi all, new MS Azure Cloudapp Spam Wave these days. Just a few hosts, but a lot of Spam. There is a pattern there, they all use Return-Path: to disguise as a bounce and bypass any further checks. So the PCRE header check /^Return-Path: /

Re: Catch a forged Return Path

2021-02-04 Thread Matus UHLAR - fantomas
So the PCRE header check /^Return-Path: / REJECT Forged Return-Path does not catch. are you sure it's a Return-Path header? usually, envelope sender is put to Return-Path, so you may need to block envelope sender MAILER-DAEMON. You can see Return-Path after delivery to mbox, but it's often

AW: Catch a forged Return Path

2021-02-04 Thread ludicree
Hi, >>Return-Path: >> >>to disguise as a bounce and bypass any further checks. >> >>So the PCRE header check >> >>/^Return-Path: / REJECT Forged Return-Path >> >>does not catch. >are you sure it's a Return-Path header? >usually, envelope sender is put to Return-Path, so you may need to b

Re: Catch a forged Return Path

2021-02-04 Thread Matus UHLAR - fantomas
On 04.02.21 09:08, ludic...@gmail.com wrote: Just a few hosts, but a lot of Spam. There is a pattern there, they all use Return-Path: to disguise as a bounce and bypass any further checks. So the PCRE header check /^Return-Path: / REJECT Forged Return-Path does not catch. are you sure i

Catch a forged Return Path

2021-02-04 Thread ludicree
Hi all, new MS Azure Cloudapp Spam Wave these days. Just a few hosts, but a lot of Spam. There is a pattern there, they all use Return-Path: to disguise as a bounce and bypass any further checks. So the PCRE header check /^Return-Path: / REJECT Forged Return-Path does not catch. Any other