bijayant kumar a écrit : > My question is, spammers forges the from address and sends the spam where > from address and to address are same. Like in my case I am getting the spam > mails from bijay...@kavach.com to bijay...@kavach.com. So, I googled and > found that after reject_unauth_destination I have to add one > check_sender_access in which I have to write kavach.com REJECT. It means that > reject all the mails which are not doing smtp-authetication and the domains > are local, right? > To test the above settings I telnetted to 192.168.99.22 (another postfix > installed machine) and tried to send "mail from and rcpt to" as > bijay...@kavach.com. As expected it got rejected. But I have also received > the bounce message also from the sender "<>". I am wondering if this is by > default then my users will get lots of bounce notification mails which they > have never sent. So, the total idea behind implementing this feature will > fail. There has to be some way that I am not able to find. Please suggest how > should I proceed. Am I testing in the wrong way or missing any thing? >
and the test succeeds. the postfix that you configured _rejected_ the transaction. it did not send a bounce. The bounce was sent by 192.168.99.22 and this is the right behaviour for a "real" MTA. if the spam is sent by ratware (and not a "real" MTA), the ratware will generally ignore the rejection and no bounce will be created. so far so good. if the spammer sends using a real MTA, you will get a bounce. The BACKSCATTER README contains ideas to help fight backscatter. This won't block all backscatter, but it's a good start. > > Thats not a case, we are receiving the Bounce messages for local users. if the above is not enough, use a policy server (or a real time log parser) to temporarily block the offending IP.