Chris Arnold wrote:
We use zimbra OSS on SLES10 SP1. Zimbra has spamassassin built-in. At
the present time, my mailbox is filled with backscatter; getting around
10 a minute since 4:30 today. I have postfix backscatter rules in
postfix of zimbra,
http://www.postfix.org/BACKSCATTER_README.html#real but still getting
pounded. Here is the header from on such mail:
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
[EMAIL PROTECTED]
SMTP error from remote mail server after RCPT
TO:<[EMAIL PROTECTED]>:
host relay1.tm.odessa.ua [195.66.204.50]: 511 sorry, no mailbox here
by that name (#5.1.1 - chkuser)
------ This is a copy of the message, including all the headers. ------
Return-path: <[EMAIL PROTECTED]>
Received: from chello089074205165.chello.pl ([89.74.205.165])
by wifi-router.tm.odessa.ua with esmtp (Exim 4.69 (FreeBSD))
(envelope-from <[EMAIL PROTECTED]>)
id 1KvJP6-000Eho-L0
for [EMAIL PROTECTED]; Thu, 30 Oct 2008 00:20:42 +0200
Message-ID: <[EMAIL PROTECTED]>
From: =?koi8-r?B?4c3X0s/Tycog4czT2c7Cwco=?= <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: =?koi8-r?B?5dfSz9DFytPLwdEgzsXExczRIMvB3sXT1NfB?=
Date: Wed, 29 Oct 2008 20:30:54 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0004_01C93A14.03BA381D"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2720.3000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300
This is a multi-part message in MIME format.
------=_NextPart_000_0004_01C93A14.03BA381D
Content-Type: text/plain;
charset="koi8-r"
Content-Transfer-Encoding: quoted-printable
Can someone please help me stop this? A while back, there was a thread
that pointed to a website, backscatter.org or something like that, that
we used that since the upgrade did a wonderful job. Anyone remember that
web site?
you could try
smtpd_restriction_classes =
...
reject_backscatter
smtpd_data_restrictions =
check_sender_access pcre:/etc/postfix/bounce_access
reject_backscatter =
reject_rbl_client ips.backscatterer.org
== bounce_access
/^$/ reject_backscatter
/^mailer\-daemon/ reject_backscatter
/^postmaster@/ reject_backscatter
the check is done at DATA stage to avoid blocking (the abusive) SAV
probes (CBV, callout verification, ... or whatever you name it).
note that this will reject "legitimate" bounces if they are sent from a
client listed on backscatterer.
PS. don't think SPF will help. this has been discussed here and
elsewhere before.
