From: John Heim (jheimmath.wisc.edu)
Date: Thu Aug 14 2008 - 11:43:38 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

----- Original Message -----
From: "Charles Marcus" <CMarcusMedia-Brokers.com>
To: "John Heim" <jheimmath.wisc.edu>
Cc: "Postfix users" <postfix-userspostfix.org>
Sent: Thursday, August 14, 2008 11:06 AM
Subject: Re: mail aliases & spam

> On 8/14/2008 11:54 AM, John Heim wrote:
>> Get it? Somebody tries to spam user12math.wisc.edu and user12 has his
>> mail forwarded to his gmail account. Gmail detects the spam, rejects the
>> message and my mta then generates a bounce back to the original forged
>> from address.
>>
>> I don't see anything in the backscatter howto about this. I believe my
>> machine is properly configured to not generate normal (for lack of a
>> better term) backscatter. I mean, it doesn't bounce incoming spam. But
>> this is almost like spam coming from inside my own system.
>
> This is one of the problems with auto-forwarders and auto-responders.
>
> It looks to me like the main problem is why so much actual spam is
> getting through to your users - what anti-spam measures do you take?

Exactly! Except that the reason our anti-spam measures are ineffective is
that the addresses are aliased. We have 2 MTAs running postfix with
pre-queue spam filters and then a delivery machine running postfix,
spamassassin, & dovecot. The pre-queue spam filter gets about 50% of
incoming spam. Of course, that means that about 50% gets through. On the
destination machine, we call spamc via a procmail rule. That would normally
filter almost all the rest into the user's "spam" folder. But the problem is
that procmail is never run if the address has an alias.

The delivery machine has much stricter spam settings than the MTAs. But I am
worried about false positives on the MTAs. If athere is a false positive on
the destination machine, it's just put into the user's spam folder. On the
MTAs, it's rejected.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]