Re: Selective Sender Address Verification

From: mouss (moussnetoyen.net)
Date: Mon May 05 2008 - 11:12:57 CDT


Elijah Savage wrote:
> I know this could add delay on a very busy system. But as of late I have
> been battling backscatter to legitimate users on my system. 99% of it seems
> to be originating from these domains,
> Ru
> Uk
> Br
> It
>
> Has anyone used this as a method to fight backscatter?
>
> I have read http://www.postfix.org/BACKSCATTER_README.html and have it
> deployed just as an FYI.
>
> It seems since Friday of last week I have seen a big increase of this.
>

SAV will not block backscatter. Bounces generally come from valid addresses.

Things you can do:
- Implement the recommendations described in BACKSCATTER README
- Use SpamAssassin vbounce rules
- Use the last amavisd-new anti-backscatter features
- Reject bounces from some places. You can use backscatterer.org DNSBL
(only for bounces. Use check_sender_access to trigger the call).

- A "loose" heuristic consists of rejecting bounces if the PTR or helo
match a set of patterns:

    (virus|scan|barra|cuda|filter|hole|fire|wall|fallback|bounce|junk|arrest|queue)

but I have no idea whether this would block "wanted" bounces.

If you still have problems, consider blocking bounces to victim
recipients during the backscatter storm.
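
A dry run of the loose PTR/HELO heuristic from the message above, added here as an example and not part of the original post: it applies the pattern only to null-sender mail and reports which name and which token would trigger a rejection, so hits on legitimate hosts can be reviewed before the rule is enforced. The sample records, hostnames and function names are constructed for illustration.

```python
import re
from collections import Counter

# Pattern copied from the message above; matched unanchored and case-insensitively.
LOOSE = re.compile(
    r"(virus|scan|barra|cuda|filter|hole|fire|wall|fallback|bounce|junk|arrest|queue)",
    re.IGNORECASE,
)

# Constructed sample records: (envelope sender, client PTR, HELO name).
SAMPLE = [
    ("", "barracuda1.example.net", "barracuda1.example.net"),
    ("", "mx2.example.org", "mailfilter.example.org"),
    ("", "smtp.cornwall-council.example", "smtp.cornwall-council.example"),
    ("", "mail.example.com", "mail.example.com"),
    ("alice@example.com", "virusscan.example.net", "virusscan.example.net"),
    ("", "unknown", "[192.0.2.7]"),
]

def is_bounce(sender):
    """A bounce (DSN) carries the null envelope sender."""
    return sender in ("", "<>")

def audit(records):
    """Return (would_reject, token_counts) for null-sender records only."""
    would_reject = []
    hits = Counter()
    for sender, ptr, helo in records:
        if not is_bounce(sender):
            continue  # the heuristic is meant for bounces, not ordinary mail
        for field, value in (("ptr", ptr), ("helo", helo)):
            m = LOOSE.search(value)
            if m:
                token = m.group(1).lower()
                would_reject.append((ptr, helo, field, token))
                hits[token] += 1
                break  # one match is enough to reject this client
    return would_reject, hits

if __name__ == "__main__":
    rejected, hits = audit(SAMPLE)
    for ptr, helo, field, token in rejected:
        print(f"would reject: ptr={ptr} helo={helo} ({field} matched '{token}')")
    print(dict(hits))
```

The constructed `cornwall-council` host matches on `wall`, which is the kind of unintended hit on a possibly "wanted" bounce that a review of real logs should look for.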