From: Ram on
On Sat, 2010-07-10 at 14:15 +0200, Administrator Beckspaced.com wrote:
>
> On 7/9/2010 16:13, Administrator Beckspaced.com wrote:
> >
> >
> > On 7/9/2010 14:40, Ram wrote:
> >> On Fri, 2010-07-09 at 13:35 +0200, Administrator Beckspaced.com wrote:
> >>> On 7/9/2010 13:27, Robert Schetterer wrote:
> >>>> Am 09.07.2010 12:51, schrieb Administrator Beckspaced.com:
> >>>>> hello robert,
> >>>>>
> >>>>> thanks a lot for your quick reply ...
> >>>>> actually it is not always the same IP or host sending the error
> >>>>> bounces ...
> >>>>> the bounces are sent from hundred of different IP addresses ...
> >>>>>
> >>>>> any more idea?
> >>>>>
> >> Usually you can do very little to prevent forging your domain and
> >> sending spam.
> >> Some months ago one client of ours too had the same issue, but the issue
> >> is very temporary.
> >> The short term solution, as someone suggested, will be to temporarily
> >> defer all NDRs with a sender check regex file like
> >> /<>/ 450 Try Later
> >>
> >>
> >> (The RFCs say you can't do this ... but sometimes you must be
> >> practical :-) )
> >>
> >>
> >>
> >>
> >> From my personal experience I found that if, for your regular mailing,
> >> you use some sender authentication mechanism like SPF then these NDRs
> >> significantly reduce. For example, many servers reject forged messages based
> >> on SPF checks so you don't get NDRs from them at least.
> >>
> >> I guess spammers (the more intelligent ones ... I mean) too would
> >> be less inclined to forge a domain that uses sender authentication,
> >> because that will reduce the deliverability of their spam.
> >>
> >> Thanks
> >> Ram
> >>
> >>
> >>
> >>
> >>
> > hello again robert & ram
> >
> > thanks again for your ideas ...
> >
> > so i had another search in google about that backscatter topic and
> > sort of found a nice, simple & also quick solution?
> >
> > SAFE MODE with Postfix:
> >
> > Edit /etc/postfix/main.cf:
> > smtpd_recipient_restrictions =
> > ...
> > check_sender_access dbm:/etc/postfix/check_backscatterer
> > ...
> > Create new file: /etc/postfix/check_backscatterer:
> > <> reject_rbl_client ips.backscatterer.org
> > postmaster reject_rbl_client ips.backscatterer.org
> >
> > well ... had to change the postfix dbm lookup to hash and do a postmap
> > on the file ...
> > but now this seems to work as it already rejected a few emails
> > according to the mail log ...
> >
> > more info can be found here ->
> >
> > http://www.backscatterer.org
> >
> > does anyone have any experience with that list?
> > is this a good longterm solution?
> >
> > best regards
> > becki
> >
> hello again ram, robert & postfix users ;-)
>
> already posted yesterday about the backscatterer.org ...
> but was a bit too skeptical to do the check on ALL NDR's for ALL email
> accounts on my mail server ...
>
> so i had a look around to do the check ONLY for that specific email account.
> it's actually quite easy with smtpd_restriction_classes
>
> i thought i will write a short 'todo' as it might help some other mail
> server administrators out there ... who knows?
>
> so first thing is to setup a restriction class in main.cf ->
>
> smtpd_restriction_classes = reject_ndr_class
> reject_ndr_class = check_sender_access hash:/etc/postfix/backscatter_check
>
> now create the backscatter_check file in /etc/postfix/
> touch /etc/postfix/backscatter_check
>
> and fill in this data
>
> <> reject_rbl_client ips.backscatterer.org
> postmaster reject_rbl_client ips.backscatterer.org
> MAILER-DAEMON reject_rbl_client ips.backscatterer.org


Use a regexp: file.
I don't think <> is supported in a hash: file.

/<>/ reject_rbl_client ips.backscatterer.org
/^postmaster/ reject_rbl_client ips.backscatterer.org

From: Wietse Venema on
Ram:
> I don't think <> is supported in a hash: file

It is a special pattern for SMTPD access maps (i.e. this is
implemented in the Postfix access map code, not in the code
that implements hash or other databases).

smtpd_null_access_lookup_key (default: <>)
    The lookup key to be used in SMTP access(5) tables instead of the null
    sender address.

Wietse
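
The lookup behaviour discussed in the two messages above, as an added example that is not from any poster in this thread and is not Postfix code: a simplified Python model of how check_sender_access picks its lookup keys, following the address patterns documented in access(5). Subdomain matching and address extensions are left out, and the sender addresses are constructed samples.

```python
import re

NULL_KEY = "<>"  # default value of smtpd_null_access_lookup_key
ACTION = "reject_rbl_client ips.backscatterer.org"

# Keys as in the hash: file quoted in the thread (lower-cased, since
# Postfix folds lookup keys to lower case for indexed tables).
HASH_TABLE = {"<>": ACTION, "postmaster": ACTION, "mailer-daemon": ACTION}
# Patterns as in the regexp: file suggested in the thread.
REGEXP_RULES = [(r"<>", ACTION), (r"^postmaster", ACTION)]


def lookup_keys(sender, null_key=NULL_KEY):
    """Keys tried, in order, against an indexed table (hash:, dbm:)."""
    if sender == "":
        # The null sender is replaced by the lookup key before any table
        # is consulted, so the table type does not matter.
        return [null_key]
    if "@" not in sender:
        raise ValueError("model covers only the null sender and user@domain")
    sender = sender.lower()
    user, _, domain = sender.rpartition("@")
    return [sender, domain, user + "@"]  # user@domain, domain.tld, user@


def check_hash(table, sender):
    """Return the first matching action, or None (no match, i.e. DUNNO)."""
    for key in lookup_keys(sender):
        if key in table:
            return table[key]
    return None


def check_regexp(rules, sender):
    """Regexp tables see the whole lookup string once; first match wins."""
    subject = sender.lower() if sender else NULL_KEY
    for pattern, action in rules:
        if re.search(pattern, subject, re.IGNORECASE):
            return action
    return None


if __name__ == "__main__":
    # Constructed envelope senders; "" is the null sender used by bounces.
    for s in ["", "postmaster@mx.example.net", "alice@example.org"]:
        print(repr(s), lookup_keys(s), check_hash(HASH_TABLE, s),
              check_regexp(REGEXP_RULES, s))
```

In this model the `<>` entry matches the null sender in both table types, while a bare `postmaster` key in an indexed table is only ever compared with the domain part; matching on the user part there takes the `user@` form (`postmaster@`) from access(5).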

From: Ansgar Wiechers on
On 2010-07-09 Administrator Beckspaced.com wrote:
> since a few weeks one of my email accounts gets bombarded with thousands
> of SPAM mailer daemon error bounces.
> could not deliver message ... bla bla bla ...
>
> it's getting really annoying as there are thousands of error bounces
> coming in every single day.
>
> looks like that the email address ended up on some SPAM mailing lists ...
> and now the mailbox receives all this error message junk
>
> so ... what's the best strategy to get rid of this problem?
>
> already had a quick look ... and the error bounces come in with an empty
> <> from address ...
> which seems to be standard for this ... and by default postfix doesn't
> block empty from addresses <>
>
> so what's the best thing to do to get rid of those thousand error email
> bounces?
>
> thing is that the customer urgently needs this email account as it is
> signed up at many service providers.
>
> could i do a header check for this single email account and reject the
> empty from address <> for that email account only?
> what are my options? what's the smartest thing to do??

I don't know about "best strategy", but if you can route your outbound
mail through one server, you could try the proxy filter I wrote a while
ago to take care of this problem.

http://www.planetcobalt.net/sdb/backscatter.shtml

WFM, but beware that it's not tested on (and probably not suitable for)
high-volume servers.
</shameless-plug>

Regards
Ansgar Wiechers
--
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky