Simon:
> We are using postfix with debian lenny...
>
> We are receiving what appears to be backscatter from spam that is using a
> valid address in the Return Path. I have included an example of the header
> info from one of the spam messages below. The _From_ and _To_ addresses just
> seem to be random and are not related to us in any way. Does anyone know how
> to block this sort of backscatter?
>
> Original message headers:

Safe suggestion: if there is any information in the header or body
content that appears to be common between spam messages, then you
can use a header_checks or body_checks HOLD action and freeze the
mail in the queue, then clean it up later.

Not-so-safe suggestion: defer all bounces for the affected address.
Untested example:

/etc/postfix/main.cf:
    restriction_classes = defer-bounce
    defer-bounce = check_sender_access hash:/etc/postfix/mail_access
    smtpd_recipient_restrictions =
        permit_mynetworks
        ...
        reject_unauth_destination
        check_recipient_access hash:/etc/postfix/rcpt_access
        ...

/etc/postfix/rcpt_access:
    vic...@example.com    defer-bounce

/etc/postfix/mail_access:
    <>                defer this recipient is receiving too many bounces
    mailer-daemon@    defer this recipient is receiving too many bounces
    postmaster@       defer this recipient is receiving too many bounces

        Wietse

> Return-Path: <soa@* <s...@newmedia.net.nz>*[ourdomain.actual.domain]**>
> Received: from 195-191-72-102.optolan.net.ua (unknown [195.191.72.102])
>         by smtp-0.counselschambers.com.au (Postfix) with ESMTP id 1D400396B7E
>         for <so...@tenthfloor.org>; Wed, 2 Feb 2011 08:28:43 +1100 (EST)
> From: no-reply...@job.com
> To: <so...@tenthfloor.org>
> Subject: Position opening in your area
> MIME-Version: 1.0
> Importance: High
> Content-Type: text/html
> Message-ID: <20110201212844.1d400396...@smtp-0.counselschambers.com.au>
> Date: Wed, 2 Feb 2011 08:28:43 +1100
>
> Thanks
>
> Simon
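
Added example, not part of the original message and not Postfix code: a small Python model of the defer-bounce restriction class above, for checking which envelope pairs the two tables would defer before deploying them. Assumptions: victim@example.com and the sample envelopes are constructed, and the lookup order is reduced to full address, domain, localpart@.

```python
# Added example: simplified model of the defer-bounce restriction class.
# Real access(5) lookups try more key forms; this keeps three of them.
# victim@example.com is a constructed placeholder for the abused address.

RCPT_ACCESS = """
victim@example.com   defer-bounce
"""

MAIL_ACCESS = """
<>              defer this recipient is receiving too many bounces
mailer-daemon@  defer this recipient is receiving too many bounces
postmaster@     defer this recipient is receiving too many bounces
"""

def parse_access(text):
    """Turn 'key  action [text]' lines into {key: (action, text)}."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, rest = line.split(None, 1)
        action, _, note = rest.partition(" ")
        table[key.lower()] = (action.lower(), note.strip())
    return table

def lookup(table, addr):
    """Return the first matching entry for an envelope address, or None."""
    addr = addr.lower()
    if addr == "":                       # the null sender is looked up as "<>"
        keys = ["<>"]
    else:
        local, _, domain = addr.rpartition("@")
        keys = [addr, domain, local + "@"]
    return next((table[k] for k in keys if k in table), None)

def decide(sender, recipient):
    """Model check_recipient_access -> defer-bounce -> check_sender_access."""
    hit = lookup(parse_access(RCPT_ACCESS), recipient)
    if hit is None or hit[0] != "defer-bounce":
        return ("dunno", "")             # class not triggered for this recipient
    # Genuine bounces to the listed recipient match here too: they also
    # arrive with the null sender, which is why this is the not-so-safe option.
    return lookup(parse_access(MAIL_ACCESS), sender) or ("dunno", "")

if __name__ == "__main__":
    # Constructed envelopes: (MAIL FROM, RCPT TO)
    for env in [("", "victim@example.com"), ("alice@example.org", "victim@example.com"),
                ("MAILER-DAEMON@relay.example.net", "victim@example.com"),
                ("", "other@example.com")]:
        print(env, "->", decide(*env))
```

A "dunno" result only means this class did not decide; the remaining smtpd_recipient_restrictions entries still apply.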