Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: mouss (moussnetoyen.net)
Date: Mon May 05 2008 - 11:12:57 CDT
Elijah Savage wrote:
> I know this could add delay on a very busy system. But as of late I have
> been battling backscatter to legitimate users on my system. 99% of it seems
> to be originating from these domains,
> Has anyone used this as a method to fight backscatter?
> I have read http://www.postfix.org/BACKSCATTER_README.html and have it
> deployed just as an FYI.
> It seems since Friday of last week I have seen a big increase of this.
SAV will not block backscatter. bounces generally come from valid addresses.
Things you can do
- Implement the recommendations described in BACKSCATTER README
- use spamassassin vbounce rules
- use the last amavsid-new anti backscatter features
- reject bounces from some places. you can use backscatterer.org DNSBL
(only for bounces. use check_sender_access to trigger the call).
- a "lose" heuristic consists of rejecting bounces if the PTR or helo
match a set of patterns:
but I have no idea whether this would block "wanted" bounces.
if you still have problems, consider blocking bounces to victim
recipients during the backscatter storm.