From: "motty.cruz" on 10 Jun 2010 18:44

Is there a best way to stop backscatter spam without using check headers? Traffic is too heavy to use check headers + we received email for three different domains.

Using postfix 2.6.

Thanks,
motty

From: Jeroen Geilman on 10 Jun 2010 19:01

On 06/11/2010 12:44 AM, motty.cruz wrote:
>
> Is there a best way to stop backscatter spam without using check
> headers? Traffic is too heavy to use check headers + we received
> email for three different domains.
>
> Using postfix 2.6.
>
> Thanks,
>
> motty
>

To stop backscatter spam, don't accept mail you cannot deliver.

Header_checks are trivially spoofed.

J.

From: "motty.cruz" on 11 Jun 2010 10:40

From: owner-postfix-users(a)postfix.org [mailto:owner-postfix-users(a)postfix.org] On Behalf Of Jeroen Geilman
Sent: Thursday, June 10, 2010 4:02 PM
To: postfix-users(a)postfix.org
Subject: Re: how to stop backscatter without check headers

> On 06/11/2010 12:44 AM, motty.cruz wrote:
> > Is there a best way to stop backscatter spam without using check
> > headers? Traffic is too heavy to use check headers + we received
> > email for three different domains.
> >
> > Using postfix 2.6.
> >
> > Thanks,
> >
> > motty
>
> To stop backscatter spam, don't accept mail you cannot deliver.

That is a very smart answer, please pardon my stupidity.

> Header_checks are trivially spoofed.
>
> J.

Spammers spoof the "from" and gets redirected to "user" in my domain? How do you fight that?

From: Mail Delivery Subsystem [mailto:MAILER-DAEMON(a)smtp.newsguy.com]
Sent: Thursday, June 10, 2010 1:28 AM
To: user(a)obscure.com
Subject: Returned mail: see transcript for details

The original message was received at Thu, 10 Jun 2010 01:28:19 -0700 (PDT) from [124.217.198.141]

----- The following addresses had permanent fatal errors -----
<ericha(a)newsguy.com>
(reason: Can't create output)

----- Transcript of session follows -----
550 5.0.0 <ericha(a)newsguy.com>... Can't create output

From: Jeroen Geilman on 11 Jun 2010 13:31

On 06/11/2010 04:40 PM, motty.cruz wrote:
>
> *From:* owner-postfix-users(a)postfix.org
> [mailto:owner-postfix-users(a)postfix.org] *On Behalf Of *Jeroen Geilman
> *Sent:* Thursday, June 10, 2010 4:02 PM
> *To:* postfix-users(a)postfix.org
> *Subject:* Re: how to stop backscatter without check headers
>
> On 06/11/2010 12:44 AM, motty.cruz wrote:
>
> Is there a best way to stop backscatter spam without using check
> headers? Traffic is too heavy to use check headers + we received
> email for three different domains.
>
> Using postfix 2.6.
>
> Thanks,
>
> motty
>
>
> To stop backscatter spam, don't accept mail you cannot deliver.
>
> That is a very smart answer, please pardon my stupidity.
>
>
> Header_checks are trivially spoofed.
>
> J.
>
> Spammers spoof the "from" and gets redirected to "user" in my domain?
> How do you fight that?
>

I don't understand what you mean.

If spammers spoof the envelope sender, header_checks will not help you.

If spammers spoof the sender header, well, postfix doesn't look at From: headers.

J.

> From: Mail Delivery Subsystem [mailto:MAILER-DAEMON(a)smtp.newsguy.com]
>
> Sent: Thursday, June 10, 2010 1:28 AM
>
> To: user(a)obscure.com
>
> Subject: Returned mail: see transcript for details
>
> The original message was received at Thu, 10 Jun 2010 01:28:19 -0700
> (PDT) from [124.217.198.141]
>
> ----- The following addresses had permanent fatal errors -----
> <ericha(a)newsguy.com>
>
> (reason: Can't create output)
>
> ----- Transcript of session follows ----- 550 5.0.0
> <ericha(a)newsguy.com>... Can't create output
>

From: "motty.cruz" on 11 Jun 2010 14:00

From: owner-postfix-users(a)postfix.org [mailto:owner-postfix-users(a)postfix.org] On Behalf Of Jeroen Geilman
Sent: Friday, June 11, 2010 10:32 AM
To: postfix-users(a)postfix.org
Subject: Re: how to stop backscatter without check headers

> On 06/11/2010 04:40 PM, motty.cruz wrote:
> > From: owner-postfix-users(a)postfix.org [mailto:owner-postfix-users(a)postfix.org] On Behalf Of Jeroen Geilman
> > Sent: Thursday, June 10, 2010 4:02 PM
> > To: postfix-users(a)postfix.org
> > Subject: Re: how to stop backscatter without check headers
> >
> > On 06/11/2010 12:44 AM, motty.cruz wrote:
> >
> > Is there a best way to stop backscatter spam without using check
> > headers? Traffic is too heavy to use check headers + we received
> > email for three different domains.
> >
> > Using postfix 2.6.
> >
> > Thanks,
> >
> > motty
> >
> > To stop backscatter spam, don't accept mail you cannot deliver.
> >
> > That is a very smart answer, please pardon my stupidity.
> >
> > Header_checks are trivially spoofed.
> >
> > J.
> >
> > Spammers spoof the "from" and gets redirected to "user" in my domain?
> > How do you fight that?
>
> I don't understand what you mean.

I'm sorry for not being specific.

> If spammers spoof the envelope sender, header_checks will not help you.

I know header_checks won't work; that's the reason I posted this question. I have read http://www.postfix.org/BACKSCATTER_README.html but either I did not fully understand its contents or it did not help me with my issue.

> If spammers spoof the sender header, well, postfix doesn't look at From: headers.
>
> J.

Here is my postconf -n, am I missing something?

host# postconf -n
alias_database = hash:/usr/local/etc/postfix/aliases
alternate_config_directories = /usr/local/etc/postfix-out
anvil_rate_time_unit = 2s
biff = no
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = no
in_flow_delay = 1s
local_recipient_maps = hash:/usr/local/etc/postfix/userdb, hash:/usr/local/etc/postfix/uservirt
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 50000000
mydestination = foo1.com, foo2.com, foo3.com
myhostname = host.foo1.com
mynetworks = 127.0.0.0/8, 192.168.1.1/32
myorigin = foo1.com
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains = hash:/usr/local/etc/postfix/relay_domains
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_banner = host.foo1.com
smtpd_error_sleep_time = 0
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unknown_helo_hostname
smtpd_sender_restrictions = hash:/usr/local/etc/postfix/access
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550

header of spoof sender

Return-Path: <user(a)foo1.com>
Received: from [89.216.172.32] (cable-89-216-172-32.dynamic.sbb.rs [89.216.172.32])
    by host.foo.com (Postfix) with ESMTP id B009FB8AF
    for <user(a)foo.com>; Fri, 28 May 2010 11:40:31 -0700 (PDT)
From: GenuineViagraOnline dealer <user(a)foo.com>
To: user(a)foo.com
Subject: Prices go down for user_lastname! 75% off. Sites and and
Date: Fri, 28 May 2010 20:40:43 +0200
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit

Any suggestions, advice welcome,
-motty

> > From: Mail Delivery Subsystem [mailto:MAILER-DAEMON(a)smtp.newsguy.com]
> > Sent: Thursday, June 10, 2010 1:28 AM
> > To: user(a)obscure.com
> > Subject: Returned mail: see transcript for details
> >
> > The original message was received at Thu, 10 Jun 2010 01:28:19 -0700 (PDT) from [124.217.198.141]
> >
> > ----- The following addresses had permanent fatal errors -----
> > <mailto:ericha(a)newsguy.com> <ericha(a)newsguy.com>
> > (reason: Can't create output)
> >
> > ----- Transcript of session follows -----
> > 550 5.0.0 <mailto:ericha(a)newsguy.com> <ericha(a)newsguy.com>... Can't create output
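
The advice earlier in the thread ("don't accept mail you cannot deliver") can be checked mechanically against a `postconf -n` dump. The following is an added example, not part of any post in this thread and not Postfix project code: it parses such a dump and reports address classes where the SMTP server would accept unknown recipients and bounce them later. The function names are hypothetical, and the sample input is constructed from four lines of the output posted above.

```python
import re

# Constructed sample: four lines taken from the `postconf -n` output in the thread.
SAMPLE = """\
local_recipient_maps = hash:/usr/local/etc/postfix/userdb, hash:/usr/local/etc/postfix/uservirt
mydestination = foo1.com, foo2.com, foo3.com
relay_domains = hash:/usr/local/etc/postfix/relay_domains
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unknown_helo_hostname
"""


def parse_postconf(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    params, name = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, _, value = line.partition("=")
            name = name.strip()
            params[name] = value.strip()
    return params


def audit_recipient_validation(params):
    """List address classes in which mail for unknown recipients is accepted."""
    findings = []
    restrictions = re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", ""))
    # Local class: a parameter missing from `postconf -n` is at its built-in
    # default (validation on); present but empty disables recipient validation.
    if params.get("local_recipient_maps", "default") == "":
        findings.append("local: local_recipient_maps is empty")
    # Relay class: relay_recipient_maps defaults to empty, which means every
    # recipient in relay_domains is accepted unless reject_unverified_recipient
    # probes the next hop before accepting.
    if params.get("relay_domains", "") and not params.get("relay_recipient_maps", ""):
        if "reject_unverified_recipient" not in restrictions:
            findings.append("relay: relay_domains set without relay_recipient_maps "
                            "or reject_unverified_recipient")
    return findings


if __name__ == "__main__":
    for finding in audit_recipient_validation(parse_postconf(SAMPLE)):
        print(finding)
```
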