[pfx] Re: body_checks not catching all backscatter
Sebastian Wiesinger via Postfix-users wrote > Thanks Peter but I will never ever, as long as I live, use anything > connected to UCEProtect. +1 Regards, Michael ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: body_checks not catching all backscatter
* Peter via Postfix-users [2023-05-03 07:45]: > On 28/04/23 03:59, Sebastian Wiesinger via Postfix-users wrote: > > Hi everyone, > > > > I'm not sure if I'm missing something but I can't find out why my > > body_checks doesn't catch all the backscatter I'm getting right now. > > Oh yuck. > > I've found that the best way to block backscatter is by using the > backscatter DNSRBL. Make sure you follow the instructions for setting it up > properly: > > https://www.backscatterer.org/?target=usage > > If used correctly it will only block DSNs from known backscatter sources. Thanks Peter but I will never ever, as long as I live, use anything connected to UCEProtect. Also: I might be interested in legitimate mail from backscatter MTAs. Best Regards Sebastian -- 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: body_checks not catching all backscatter
May 3, 2023 at 4:26 PM, "Matus UHLAR - fantomas via Postfix-users" wrote: > > > > > > > > > On 28/04/23 03:59, Sebastian Wiesinger via Postfix-users wrote: > > > > I'm not sure if I'm missing something but I can't find out why my > > > > body_checks doesn't catch all the backscatter I'm getting right now. > > > > > > > May 3, 2023 at 1:43 PM, "Peter via Postfix-users" > > wrote: > > > > > > > > I've found that the best way to block backscatter is by using the > > > backscatter DNSRBL. Make sure you follow the instructions for setting it > > > up properly: > > > > > > https://www.backscatterer.org/?target=usage > > > > > > If used correctly it will only block DSNs from known backscatter sources. > > > > > > > On 03.05.23 05:51, Ken Peng via Postfix-users wrote: > > > > > But anybody can use our (even setup correctly) mailserver as backscatter > > source? > > > > can they? > > I think only if you accept mail and then bounce. > Well, all yahoo mail servers are working as this way (accept first then bounce). And I think there are others similar to this (forwarders, secondary MX etc). Regards. -- https://kenpeng.pages.dev/ ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: body_checks not catching all backscatter
On 28/04/23 03:59, Sebastian Wiesinger via Postfix-users wrote: > I'm not sure if I'm missing something but I can't find out why my > body_checks doesn't catch all the backscatter I'm getting right now. May 3, 2023 at 1:43 PM, "Peter via Postfix-users" wrote: I've found that the best way to block backscatter is by using the backscatter DNSRBL. Make sure you follow the instructions for setting it up properly: https://www.backscatterer.org/?target=usage If used correctly it will only block DSNs from known backscatter sources. On 03.05.23 05:51, Ken Peng via Postfix-users wrote: But anybody can use our (even setup correctly) mailserver as backscatter source? can they? I think only if you accept mail and then bounce. otherwise, only if user set up incorrect forwarding or there are problems with delivery (full quota), but I'm not sure whether this can get you listed at backscatterer -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Spam is for losers who can't get business any other way. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: body_checks not catching all backscatter
On 3/05/23 17:51, Ken Peng via Postfix-users wrote: But anybody can use our (even setup correctly) mailserver as backscatter source? Not if you configure postfix properly. Peter ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: body_checks not catching all backscatter
May 3, 2023 at 1:43 PM, "Peter via Postfix-users" wrote: > > On 28/04/23 03:59, Sebastian Wiesinger via Postfix-users wrote: > > > > > Hi everyone, > > I'm not sure if I'm missing something but I can't find out why my > > body_checks doesn't catch all the backscatter I'm getting right now. > > > > Oh yuck. > > I've found that the best way to block backscatter is by using the backscatter > DNSRBL. Make sure you follow the instructions for setting it up properly: > > https://www.backscatterer.org/?target=usage > > If used correctly it will only block DSNs from known backscatter sources. > Hello But anybody can use our (even setup correctly) mailserver as backscatter source? -- https://kenpeng.pages.dev/ ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: body_checks not catching all backscatter
On 28/04/23 03:59, Sebastian Wiesinger via Postfix-users wrote: Hi everyone, I'm not sure if I'm missing something but I can't find out why my body_checks doesn't catch all the backscatter I'm getting right now. Oh yuck. I've found that the best way to block backscatter is by using the backscatter DNSRBL. Make sure you follow the instructions for setting it up properly: https://www.backscatterer.org/?target=usage If used correctly it will only block DSNs from known backscatter sources. Peter ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: body_checks not catching all backscatter
On 27.04.23 17:59, Sebastian Wiesinger via Postfix-users wrote: I'm not sure if I'm missing something but I can't find out why my body_checks doesn't catch all the backscatter I'm getting right now. I've it configured like this: root@alita:/etc/postfix# postconf -n body_checks body_checks = pcre:$config_directory/body_checks.pcre root@alita:/etc/postfix# cat body_checks.pcre /^[> ]*Message-ID:.*@(fire-world\.de)/ reject SPAM backscatter with forged domain name in Message-ID header One example it doesn't catch seems to match the regex when I test it manually: root@alita:/etc/postfix# postmap -q - regexp:/etc/postfix/body_checks.pcre reject SPAM backscatter with forged domain name in Message-ID header I've got the original message (from my mailbox) here for you: https://www.karotte.org/big/backscatter.txt As I said, Postfix rejects some of the backscatter but not all. Any idea why it didn't reject this? If I tried to block backscatter, I would use spamassassin with VBounce plugin and filter out all mail that hit any of BOUNCE_MESSAGE rules. it just needs to set up proper hostames in welcomelist_bounce_relays. I already use spamassassin as milter, so milter_header_checks should be applicable. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. The 3 biggets disasters: Hiroshima 45, Tschernobyl 86, Windows 95 ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: body_checks not catching all backscatter
* Sebastian Wiesinger [2023-04-27 17:59]: > root@alita:/etc/postfix# postmap -q - regexp:/etc/postfix/body_checks.pcre > Message-ID: > reject SPAM backscatter with forged domain name in Message-ID header And of course I ran into my own filter when I got the mail back from the mailinglist. :( I've deactivated the filter for now, but for this test case it worked. -- 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org