From: owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] On Behalf Of Jeroen Geilman
Sent: Friday, June 11, 2010 10:32 AM
To: postfix-users@postfix.org
Subject: Re: how to stop backscatter without check headers
On 06/11/2010 04:40 PM, motty.cruz wrote:
From: owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] On Behalf Of Jeroen Geilman
Sent: Thursday, June 10, 2010 4:02 PM
To: postfix-users@postfix.org
Subject: Re: how to stop backscatter without check headers
On 06/11/2010 12:44 AM, motty.cruz wrote:
Is there a best way to stop backscatter spam without using check headers?
Traffic is too heavy to use check headers + we received email for three
different domains.
Using postfix 2.6.
Thanks,
motty
To stop backscatter spam, don't accept mail you cannot deliver.
That is a very smart answer, please pardon my stupidity.
Header_checks are trivially spoofed.
J.
Spammers spoof the "from" and gets redirected to "user" in my domain? How do
you fight that?
I don't understand what you mean.
I'm sorry for not being specific,
If spammers spoof the envelope sender, header_checks will not help you.
I know header_checks won't work; that's the reason I posted this question. I
have read http://www.postfix.org/BACKSCATTER_README.html but either I
did not fully understand its contents or it did not help me with my issue.
If spammers spoof the sender header, well, postfix doesn't look at From:
headers.
J.
Here is my postconf -n; am I missing something?
host# postconf -n
alias_database = hash:/usr/local/etc/postfix/aliases
alternate_config_directories = /usr/local/etc/postfix-out
anvil_rate_time_unit = 2s
biff = no
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = no
in_flow_delay = 1s
local_recipient_maps = hash:/usr/local/etc/postfix/userdb,
    hash:/usr/local/etc/postfix/uservirt
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 50000000
mydestination = foo1.com, foo2.com, foo3.com
myhostname = host.foo1.com
mynetworks = 127.0.0.0/8, 192.168.1.1/32
myorigin = foo1.com
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains = hash:/usr/local/etc/postfix/relay_domains
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_banner = host.foo1.com
smtpd_error_sleep_time = 0
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname,
    reject_invalid_hostname
smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination, reject_invalid_hostname,
    reject_non_fqdn_hostname, reject_non_fqdn_sender,
    reject_non_fqdn_recipient, reject_unknown_sender_domain,
    reject_unknown_recipient_domain, reject_unknown_helo_hostname
smtpd_sender_restrictions = hash:/usr/local/etc/postfix/access
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550
Header of spoofed sender:
Return-Path: <u...@foo1.com>
Received: from [89.216.172.32] (cable-89-216-172-32.dynamic.sbb.rs
    [89.216.172.32])
    by host.foo.com (Postfix) with ESMTP id B009FB8AF
    for <u...@foo.com>; Fri, 28 May 2010 11:40:31 -0700 (PDT)
From: GenuineViagraOnline dealer <u...@foo.com>
To: u...@foo.com
Subject: Prices go down for user_lastname! 75% off. Sites and and
Date: Fri, 28 May 2010 20:40:43 +0200
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
Any suggestions, advice welcome,
-motty
From: Mail Delivery Subsystem [mailto:mailer-dae...@smtp.newsguy.com]
Sent: Thursday, June 10, 2010 1:28 AM
To: u...@obscure.com
Subject: Returned mail: see transcript for details
The original message was received at Thu, 10 Jun 2010 01:28:19 -0700 (PDT)
from [124.217.198.141]
----- The following addresses had permanent fatal errors -----
<eri...@newsguy.com>
(reason: Can't create output)
----- Transcript of session follows -----
550 5.0.0 <eri...@newsguy.com>... Can't create output
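
Added example, not part of the thread and not Postfix code: a small Python check that applies the advice "don't accept mail you cannot deliver" to `postconf -n` output, flagging settings under which Postfix accepts mail it may later have to bounce. The sample input is constructed from the configuration quoted above, and the function names are this example's own.

```python
import re

# Constructed sample: backscatter-relevant lines from the `postconf -n` output in the
# thread, with continuation lines left unindented as they appear there.
SAMPLE = """\
content_filter = smtp-amavis:[127.0.0.1]:10024
local_recipient_maps = hash:/usr/local/etc/postfix/userdb,
hash:/usr/local/etc/postfix/uservirt
mydestination = foo1.com, foo2.com, foo3.com
relay_domains = hash:/usr/local/etc/postfix/relay_domains
"""

PARAM = re.compile(r"^([A-Za-z0-9_]+)\s*=\s*(.*)$")

def parse_postconf(text):
    """Return {parameter: value}; lines without 'name =' continue the previous value."""
    params, name = {}, None
    for line in text.splitlines():
        m = PARAM.match(line)
        if m:
            name = m.group(1)
            params[name] = m.group(2).strip()
        elif name and line.strip():
            params[name] = (params[name] + " " + line.strip()).strip()
    return params

def audit_backscatter(params):
    """Return (parameter, reason) pairs for settings that let undeliverable mail in."""
    findings = []
    # Relay domains with no recipient list: every address is accepted at SMTP time,
    # and a later rejection by the next hop turns into a bounce.
    if params.get("relay_domains") and not params.get("relay_recipient_maps"):
        findings.append(("relay_recipient_maps", "relay_domains set, no recipient list"))
    # An explicitly empty local_recipient_maps disables unknown-local-user rejection.
    if params.get("local_recipient_maps", "unset") == "":
        findings.append(("local_recipient_maps", "empty: unknown local users accepted"))
    # smtpd_reject_unlisted_recipient = no turns off the built-in unknown-recipient check.
    if params.get("smtpd_reject_unlisted_recipient", "yes").lower() == "no":
        findings.append(("smtpd_reject_unlisted_recipient", "built-in check is off"))
    # content_filter runs after the queue: a 5xx from the filter becomes a bounce.
    if params.get("content_filter"):
        findings.append(("content_filter", "after-queue filter must not reject"))
    return findings

if __name__ == "__main__":
    for param, reason in audit_backscatter(parse_postconf(SAMPLE)):
        print(f"{param}: {reason}")
```

On a live system, the input would be the captured output of `postconf -n`. A finding is a prompt to review that setting, not proof that the server is emitting backscatter.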