Is there anyone who has a solution to these backscatter mails (bounced mails with forged sender addresses)??? If you know how these mails could be dropped by header and/or body checks, please let me know how this could be done.
I have read the Postfix manual and searched the web for a solution, and yes, I found a few guidelines on how this should be done. But I don't have the knowledge of how these checks should be written; I have tried a few times with NOT so good results... ;-)
We have been getting these MAILER-DAEMON bounces for about 3 weeks now. Sometimes 10-30 addresses get these each time, and I'm not talking about just a few bounces. It varies from time to time: one time an account received about 300 to the inbox and about 2,500 to the spambox (in just an hour or so). Sometimes we can have up to 30 accounts "spammed" at the same time, and sometimes it's just a few or even just one account that is "spammed" each time. At the most we received about 15,000 MAILER-DAEMON bounces in one day.
So... if you have some ideas or solutions, please let me know how and what to do to stop this!!
We are using Fedora Core 6 and Virtualmin Pro. At the moment we only have about 300 mail accounts on the server.
Thanks!!! Regards, Leif
Header from one of these mails to my own account. SpamAssassin did catch this mail.
Content analysis details: (6.2 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.0 NO_REAL_NAME           From: does not include a real name
 0.1 FORGED_RCVD_HELO       Received: contains a forged HELO
 1.4 MSGID_FROM_MTA_ID      Message-Id for external message added locally
 0.5 DATE_IN_PAST_03_06     Date: is 3 to 6 hours before Received: date
 0.2 NORMAL_HTTP_TO_IP      URI: Uses a dotted-decimal IP address in URL
-0.7 BAYES_20               BODY: Bayesian spam probability is 5 to 20% [score: 0.0594]
 3.8 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL blocklist
Return-Path: <>
X-Original-To: MY-MAIL-ADDRESS
Delivered-To: MY-ACCOUNT@OUR-SERVER-TLD
Received: from pantheon.it (host120-148-static.15-79-b.business.telecomitalia.it [126.96.36.199])
	by OUR-SERVER-TLD (Postfix) with SMTP id 85B055900CB
	for <MY-MAIL-ADDRESS>; Thu, 17 Apr 2008 21:04:18 +0200 (CEST)
Received: (qmail 21051 invoked for bounce); 17 Apr 2008 13:49:03 -0000
Date: 17 Apr 2008 13:49:03 -0000
From: MAILER-DAEMON@pantheon.it
To: MY-MAIL-ADDRESS
Subject: failure notice
Hi. This is the qmail-send program at pantheon.it. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out.
<firstname.lastname@example.org>: Sorry, no mailbox here by that name. (#5.1.1)
--- Below this line is a copy of the message.
Return-Path: <MY-MAIL-ADDRESS>
Received: (qmail 20979 invoked from network); 17 Apr 2008 13:49:01 -0000
Received: from 188.8.131.52.static.vsnl.net.in (184.108.40.206)
	by pantheon.it with SMTP; 17 Apr 2008 13:49:01 -0000
Message-ID: <000901c8a091$05f9dd3d$bd11e6b7@wocsp>
From: "dougie bradley" <MY-MAIL-ADDRESS>
To: <email@example.com>
Subject: we caught you naked it.hobby.motociclismo! check the video
Date: Thu, 17 Apr 2008 12:01:40 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0006_01C8A091.05F90F88"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
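The check the post is asking for, written out as an added example (my code, not Leif's and not part of Postfix, Virtualmin or SpamAssassin). The tell-tale in the bounce above is not in the bounce's own headers but in the copy of the "original" message underneath: its Received: chain never mentions OUR-SERVER-TLD, so the message it claims to return was never relayed by us. Deciding that needs the whole message (envelope sender of the bounce plus the embedded copy's Received: headers), which Postfix's line-at-a-time header_checks/body_checks cannot correlate, so the logic is shown as a Python filter you would run from a content filter or milter; it is the same idea as SpamAssassin's VBounce plugin with whitelist_bounce_relays. Assumptions: the relay name `our-server-tld` stands in for the redacted OUR-SERVER-TLD, and both sample messages are constructed from the redacted headers in the post (addresses replaced, bodies abridged), the second one showing what a genuine bounce of mail that really left our server looks like.

```python
import email
import re
from email import policy

# Hostnames whose Received: stamps prove a message really left our server.
# ASSUMPTION: placeholder standing in for the redacted OUR-SERVER-TLD in the post.
OUR_RELAYS = {"our-server-tld"}

# The Received: line our Postfix adds, in the format visible in the post's own
# header ("by OUR-SERVER-TLD (Postfix) with SMTP id 85B055900CB").  Demanding
# "(Postfix" plus a hex queue id means a forged HELO alone cannot satisfy it.
OUR_STAMP = re.compile(
    r"\bby\s+(?P<host>[\w.-]+)\s+\(Postfix[^)]*\)\s+.*?\bid\s+[0-9A-F]{10,12}\b",
    re.I | re.S)

# Lines after which qmail (first one, from the post) and Exim paste the original.
COPY_SEPARATORS = (
    "--- Below this line is a copy of the message.",
    "------ This is a copy of the message, including all the headers. ------",
)

def is_bounce(msg):
    """A DSN has an empty envelope sender; most also say MAILER-DAEMON."""
    return ((msg.get("Return-Path") or "").strip() == "<>"
            or "mailer-daemon" in str(msg.get("From", "")).lower()
            or msg.get_content_type() == "multipart/report")

def embedded_received(msg):
    """Received: headers of the original message carried inside the bounce."""
    for part in msg.walk():                          # RFC 3464 DSN (Postfix)
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0).get_all("Received", [])
        if ctype == "text/rfc822-headers":
            hdrs = email.message_from_string(part.get_content(), policy=policy.default)
            return hdrs.get_all("Received", [])
    body = msg.get_body(preferencelist=("plain",))   # plain-text DSN (qmail, Exim)
    text = body.get_content() if body else ""
    for sep in COPY_SEPARATORS:
        if sep in text:
            copy = text.split(sep, 1)[1].lstrip("\r\n")
            return email.message_from_string(copy, policy=policy.default).get_all("Received", [])
    return []

def is_backscatter(raw):
    """True if `raw` is a bounce for a message none of OUR_RELAYS ever handled."""
    msg = email.message_from_string(raw, policy=policy.default)
    if not is_bounce(msg):
        return False
    for hdr in embedded_received(msg):
        m = OUR_STAMP.search(str(hdr))
        if m and m.group("host").lower() in OUR_RELAYS:
            return False      # our stamp is on the original: genuine bounce
    return True               # no trace of us in the original: backscatter

# Constructed samples: the first follows the bounce quoted in the post, the
# second is a bounce of a message that genuinely left our server.
BACKSCATTER_SAMPLE = """\
Return-Path: <>
Received: from pantheon.it (host120-148-static.15-79-b.business.telecomitalia.it [126.96.36.199])
  by our-server-tld (Postfix) with SMTP id 85B055900CB
  for <victim@example.com>; Thu, 17 Apr 2008 21:04:18 +0200 (CEST)
From: MAILER-DAEMON@pantheon.it
To: victim@example.com
Subject: failure notice

Sorry, no mailbox here by that name. (#5.1.1)

--- Below this line is a copy of the message.

Return-Path: <victim@example.com>
Received: (qmail 20979 invoked from network); 17 Apr 2008 13:49:01 -0000
Received: from 188.8.131.52.static.vsnl.net.in (184.108.40.206)
  by pantheon.it with SMTP; 17 Apr 2008 13:49:01 -0000
Message-ID: <000901c8a091$05f9dd3d$bd11e6b7@wocsp>
From: "dougie bradley" <victim@example.com>
To: <someone@example.org>
Subject: we caught you naked! check the video

http://203.0.113.7/video
"""

GENUINE_SAMPLE = """\
Return-Path: <>
From: MAILER-DAEMON@example.net
To: alice@example.com
Subject: failure notice

--- Below this line is a copy of the message.

Return-Path: <alice@example.com>
Received: from our-server-tld (our-server-tld [192.0.2.10])
  by example.net with SMTP; 18 Apr 2008 07:59:00 -0000
Received: from client.example.com (client.example.com [192.0.2.55])
  by our-server-tld (Postfix) with ESMTP id 4F2E15900D1
  for <bob@example.net>; Fri, 18 Apr 2008 09:58:50 +0200 (CEST)
From: alice@example.com
To: bob@example.net
Subject: lunch?

Are you free at noon?
"""
```

Two things worth noting from the samples. The outer Received: header of the forged bounce does carry a genuine "by our-server-tld (Postfix) ... id 85B055900CB" stamp, because that is the bounce itself arriving, which is why the check must look only at the embedded copy and not grep the whole message. And the check never rejects null-sender mail as such: a bounce whose embedded copy shows our own stamp (including the "(Postfix, from userid N)" form that locally submitted mail gets) is let through, so real delivery failures for mail your users sent still reach them.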