On 09.07.2010 13:35, Administrator Beckspaced.com wrote:
> 
> 
> On 7/9/2010 13:27, Robert Schetterer wrote:
>> On 09.07.2010 12:51, Administrator Beckspaced.com wrote:
>>>   hello robert,
>>>
>>> thanks a lot for your quick reply ...
>>> actually it is not always the same IP or host sending the error
>>> bounces ...
>>> the bounces are sent from hundred of different IP addresses ...
>>>
>>> any more idea?
>>>
>>> thanks for your help & fun
>>> becki
>>>
>>>
>>> below some logs you requested ... change the real email account to
>>> spamu...@domain.com  ->
>>>
>>> Jul  8 12:20:27 gehirn postfix/smtpd[19857]: NOQUEUE: reject: RCPT from
>>> crusty.hosts.net.nz[210.48.108.195]: 554 5.7.1<spamu...@domain.com>:
>>> Recipient address rejected: Access denied; from=<>
>>> to=<spamu...@domain.com>  proto=SMTP helo=<crusty.hosts.net.nz>
>>> Jul  8 12:22:08 gehirn postfix/smtpd[19859]: NOQUEUE: reject: RCPT from
>>> mailx.nlabs.de[92.79.50.220]: 554 5.7.1<spamu...@domain.com>: Recipient
>>> address rejected: Access denied; from=<>  to=<spamu...@domain.com>
>>> proto=SMTP helo=<mailx.nlabs.de>
>>> Jul  8 12:22:48 gehirn postfix/smtpd[19854]: warning: 222.254.188.229:
>>> address not listed for hostname localhost
>>> Jul  8 12:23:28 gehirn postfix/smtpd[18358]: NOQUEUE: reject: RCPT from
>>> port-87-234-220-121.static.qsc.de[87.234.220.121]: 554 5.7.1
>>> <spamu...@domain.com>: Recipient address rejected: Access denied;
>>> from=<>  to=<spamu...@domain.com>  proto=SMTP helo=<mforward>
>>> Jul  8 12:26:22 gehirn postfix/smtpd[19854]: setting up TLS connection
>>> from mail.aydin.edu.tr[212.174.169.8]
>>> Jul  8 12:26:22 gehirn postfix/smtpd[19854]: TLS connection established
>>> from mail.aydin.edu.tr[212.174.169.8]: TLSv1 with cipher
>>> DHE-RSA-AES256-SHA (256/256 bits)
>>> Jul  8 12:26:22 gehirn postfix/smtpd[19854]: NOQUEUE: reject: RCPT from
>>> mail.aydin.edu.tr[212.174.169.8]: 554 5.7.1<spamu...@domain.com>:
>>> Recipient address rejected: Access denied; from=<>
>>> to=<spamu...@domain.com>  proto=ESMTP helo=<Mailsrv.aydin.edu.tr>
>>> Jul  8 12:27:57 gehirn postfix/smtpd[19850]: NOQUEUE: reject: RCPT from
>>> svhqgtw02.ethiopianairlines.com[213.55.83.14]: 554 5.7.1
>>> <spamu...@domain.com>: Recipient address rejected: Access denied;
>>> from=<>  to=<spamu...@domain.com>  proto=SMTP
>>> helo=<svhqgtw02.ethiopianairlines.com>
>>> Jul  8 12:27:58 gehirn postfix/smtpd[18899]: NOQUEUE: reject: RCPT from
>>> svhqgtw02.ethiopianairlines.com[213.55.83.14]: 554 5.7.1
>>> <spamu...@domain.com>: Recipient address rejected: Access denied;
>>> from=<>  to=<spamu...@domain.com>  proto=SMTP
>>> helo=<svhqgtw02.ethiopianairlines.com>
>>> Jul  8 12:28:27 gehirn postfix/smtpd[18358]: A565C150A7D:
>>> client=relay02.is.co.za[196.35.6.70]
>>> Jul  8 12:28:31 gehirn postfix/smtpd[20525]: 78BEC150A7F:
>>> client=localhost[127.0.0.1]
>>> Jul  8 12:28:35 gehirn postfix/smtpd[18899]: NOQUEUE: reject: RCPT from
>>> mx2.lost-oasis.net[80.67.160.52]: 554 5.7.1<spamu...@domain.com>:
>>> Recipient address rejected: Access denied; from=<>
>>> to=<spamu...@domain.com>  proto=SMTP helo=<mx2.lost-oasis.net>
>>> Jul  8 12:29:23 gehirn postfix/smtpd[18899]: NOQUEUE: reject: RCPT from
>>> defer114.ocn.ad.jp[122.28.15.169]: 554 5.7.1<spamu...@domain.com>:
>>> Recipient address rejected: Access denied; from=<>
>>> to=<spamu...@domain.com>  proto=ESMTP helo=<defer114.ocn.ad.jp>
>>> Jul  8 12:29:49 gehirn postfix/smtpd[19850]: E4B86150AE9:
>>> client=unknown[184.154.34.69]
>>> Jul  8 12:29:56 gehirn postfix/smtpd[20525]: 8B7F4150AF6:
>>> client=localhost[127.0.0.1]
>>> Jul  8 12:30:43 gehirn postfix/smtpd[19854]: NOQUEUE: reject: RCPT from
>>> post.vrus.de[85.182.133.62]: 554 5.7.1<spamu...@domain.com>: Recipient
>>> address rejected: Access denied; from=<>
>>>
>>> On 7/9/2010 12:42, Robert Schetterer wrote:
>>>> On 09.07.2010 12:35, Administrator Beckspaced.com wrote:
>>>>>    hello there,
>>>>>
>>>>> i'm running a postfix 2.4.6 on an opensuse box.
>>>>> postfix has amavisd-new with spamassassin installed ...
>>>>>
>>>>> since a few weeks one of my email accounts gets bombarded with
>>>>> thousands
>>>>> of SPAM mailer daemon error bounces.
>>>>> could not deliver message ... bla bla bla ...
>>>>>
>>>>> it's getting really annoying as there are thousands of error bounces
>>>>> coming in every single day.
>>>>>
>>>>> looks like that the email address ended up on some SPAM mailing lists
>>>>> ... and now the mailbox receives all this error message junk
>>>>>
>>>>> so ... what's the best strategy to get rid of this problem?
>>>>>
>>>>> already had a quick look ... and the error bounces come in with an
>>>>> empty
>>>>> <> from address ...
>>>>> which seems to be standard for this ... and by default postfix doesn't
>>>>> block empty from addresses <>
>>>>>
>>>>> so what's the best thing to do to get rid of those thousand error
>>>>> email
>>>>> bounces?
>>>>>
>>>>> thing is that the customer urgently needs this email account as it is
>>>>> signed up at many service providers.
>>>>>
>>>>> could i do a header check for this single email account and reject the
>>>>> empty from address <> for that email account only?
>>>>> what are my options? what's the smartest thing to do??
>>>>>
>>>>> thanks a lot for your help & service
>>>>>
>>>>> with best regards
>>>>> becki
>>>>>
>>>> if it is always the same host sending backscatter
>>>> simply block the host by access list and/or firewall
>>>>
>>>> let's see some logs, there are many ways to deal with backscatter
>>>>
>> please don't top post,
>>
>> do they always have the same body?
>> or equal bodies which might be matched
>> with some body_checks
>>
>> something like
>>   main.cf
>> body_checks = pcre:/etc/postfix/body_checks
>>
>> /sunstarcasino\.net/ REJECT backscatter
>>
>>
> no ... they don't always have equal message bodies ...
> it's not always the same host ... it's thousands of different hosts and
> IP addresses ..
> 
> but of course some message body could be the same ... e.g.
> 
> i'm sorry to inform you that your message could not get delivered ...
> bla .. bla ... bla ...
> 
> still not sure how to fix this ... any more ideas?
> 
> best regards
> becki
> 

hm, if the bounces are known to sanesecurity
antispam you can reject them with clamav milter
at the incoming smtp level

a short fix may be to block incoming mail from <>
to that special recipient (but that's not for the long term)
with restriction classes, but this will block legal bounces too

read
http://www.postfix.org/BACKSCATTER_README.html

for more options

you should use a combination of options
the body_check may help to reduce quickly

please check if you can stop some cons by using rbls etc

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria
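
The short-term fix mentioned above (refuse the null sender <> for one recipient only, via a restriction class), written out as an added example that is not part of the original thread. The class name no_bounces, the two map file names and user@example.com are placeholders.

```conf
# --- /etc/postfix/main.cf (fragment) ---
# Declare the class (hypothetical name) so it may be used as the result
# of an access table lookup, then define what the class does.
smtpd_restriction_classes = no_bounces
no_bounces = check_sender_access hash:/etc/postfix/null_sender_reject

# Append the recipient lookup to the restrictions already in place;
# reject_unauth_destination stays ahead of it.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    check_recipient_access hash:/etc/postfix/rcpt_no_bounces

# --- /etc/postfix/rcpt_no_bounces ---
# Only this recipient (placeholder address) is sent through the class;
# mail to every other recipient is evaluated as before.
user@example.com    no_bounces

# --- /etc/postfix/null_sender_reject ---
# "<>" is the default lookup key for the null sender address
# (main.cf parameter smtpd_null_access_lookup_key).
<>    REJECT bounces are not accepted for this recipient

# After editing, rebuild both maps and reload Postfix:
#   postmap /etc/postfix/rcpt_no_bounces
#   postmap /etc/postfix/null_sender_reject
#   postfix reload
```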
