Re: Catch a forged Return Path

2021-02-06 Thread @lbutlr
On 06 Feb 2021, at 02:19, ludic...@gmail.com wrote: > but not sure how to implement that on a Plesk machine. Does Plesk not give you access to the main.cf file? How do you configure postfix at all? > To use the postscreen(8) service to block mail,

Re: Catch a forged Return Path

2021-02-06 Thread Nick Tait
On 6/02/21 2:23 am, Matus UHLAR - fantomas wrote: while I support using postscreen, I'm not sure it would be able to catch backscatter, becsuse backscatter often comes from servers who properly follow SMTP RFCs. The question here is whether this is really backscatter, or just spam taking adva

Re: Catch a forged Return Path

2021-02-05 Thread Matus UHLAR - fantomas
On 2021-02-04 09:08, ludic...@gmail.com wrote: new MS Azure Cloudapp Spam Wave these days. Just a few hosts, but a lot of Spam. There is a pattern there, they all use Return-Path: to disguise as a bounce and bypass any further checks. So the PCRE header check /^Return-Path: / REJECT For

Re: Catch a forged Return Path

2021-02-04 Thread Christian Kivalo
On 2021-02-04 09:08, ludic...@gmail.com wrote: Hi all, new MS Azure Cloudapp Spam Wave these days. Just a few hosts, but a lot of Spam. There is a pattern there, they all use Return-Path: to disguise as a bounce and bypass any further checks. So the PCRE header check /^Return-Path: /

Re: Catch a forged Return Path

2021-02-04 Thread Matus UHLAR - fantomas
So the PCRE header check /^Return-Path: / REJECT Forged Return-Path does not catch. are you sure it's a Return-Path header? usually, envelope sender is put to Return-Path, so you may need to block envelope sender MAILER-DAEMON. You can see Return-Path after delivery to mbox, but it's often

Re: Catch a forged Return Path

2021-02-04 Thread Matus UHLAR - fantomas
On 04.02.21 09:08, ludic...@gmail.com wrote: Just a few hosts, but a lot of Spam. There is a pattern there, they all use Return-Path: to disguise as a bounce and bypass any further checks. So the PCRE header check /^Return-Path: / REJECT Forged Return-Path does not catch. are you sure i