Re: Backscatter problem?

From: Brian Evans - Postfix List (grknightscent-team.com)
Date: Fri Aug 22 2008 - 12:08:31 CDT


Gaston Dassieu Blanchet wrote:
> Dear All,
>
> I have found the below in my Postfix logs. I believe I have a
> backscatter problem, which seems to have gotten me in some SPAM black
> lists out there:
>
> root@Natsumi:/home/root# cat /var/log/maillog* | grep 54EF0453B
> Aug 18 18:26:19 Natsumi postfix/smtpd[12950]: 54EF0453B:
> client=c-68-44-19-67.hsd1.nj.comcast.net[68.44.19.67]
> Aug 18 18:26:20 Natsumi postfix/cleanup[12954]: 54EF0453B:
> message-id=<18133201c901e5$edf450c0$43132c44@computer2007>
> Aug 18 18:26:20 Natsumi postfix/qmgr[2661]: 54EF0453B:
> from=<forged_source_address@forged_source_domain.com>, size=1009,
> nrcpt=5 (queue active)
>
> Aug 18 18:26:21 Natsumi postfix/local[12958]: 54EF0453B:
> to=<mail@mydomain.com>, relay=local,
> delay=2.3, delays=1.8/0.27/0/0.2, dsn=5.2.0, status=bounced (maildir
> delivery failed: create maildir file
> //Maildir/tmp/1219094781.P12958.Natsumi: Permission denied)
> Aug 18 18:26:21 Natsumi postfix/local[12958]: 54EF0453B:
> to=<uucp@mydomain.com>, relay=local,
> delay=2.3, delays=1.8/0.47/0/0.01, dsn=5.2.0, status=bounced (maildir
> delivery failed: create maildir file
> /var/spool/uucppublic/Maildir/tmp/1219094781.P12958.Natsumi:
> Permission denied)
>
> Aug 18 18:26:21 Natsumi postfix/bounce[12960]: 54EF0453B: sender
> non-delivery notification: 6B26F4544
> Aug 18 18:26:21 Natsumi postfix/qmgr[2661]: 54EF0453B: removed
>
> If my understanding is correct, I am receiving SPAM with a forged
> source address. This SPAM is accepted by my valid mailboxes
> (valid_user_x@mydomain.com above),
> and *bounced* (not rejected!) by my invalid mailboxes (mail, uucp,
> ... above)
>
> I am quite worried about this. Could anyone kindly help me figure out
> which postfix 2.5.1 configuration parameters I can use to prevent this
> type of abuse?

These are default users that are for services. They are required;
however, they do not have to receive mail, as mouss has pointed out.

Without 'postconf -n', I can only give some general advice.
If you are not using RBLs, then please start.

Better:
Use a scoring system like postfwd or policyd-weight (development
currently paused).

Brian
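A small log-correlation check, added here as an example (it is not from the list post or from Postfix itself), that finds the accept-then-bounce pattern shown in the quoted log: it ties the smtpd, local and bounce lines together by queue ID over a constructed sample and reports which local accounts produced the bounces. The hostnames, addresses and sample lines are made up; the queue IDs are the ones from the post.

```python
import re
from collections import defaultdict

# Constructed sample log, modelled on the pattern in the post above
# (queue IDs reused from the post; hosts and addresses are made up).
SAMPLE_LOG = """\
Aug 18 18:26:19 mx postfix/smtpd[12950]: 54EF0453B: client=client.invalid[192.0.2.10]
Aug 18 18:26:20 mx postfix/qmgr[2661]: 54EF0453B: from=<forged@forged-domain.example>, size=1009, nrcpt=5 (queue active)
Aug 18 18:26:21 mx postfix/local[12958]: 54EF0453B: to=<mail@mydomain.example>, relay=local, dsn=5.2.0, status=bounced (maildir delivery failed: Permission denied)
Aug 18 18:26:21 mx postfix/local[12958]: 54EF0453B: to=<uucp@mydomain.example>, relay=local, dsn=5.2.0, status=bounced (maildir delivery failed: Permission denied)
Aug 18 18:26:21 mx postfix/bounce[12960]: 54EF0453B: sender non-delivery notification: 6B26F4544
Aug 18 18:26:21 mx postfix/qmgr[2661]: 54EF0453B: removed
Aug 18 18:30:02 mx postfix/smtpd[12970]: NOQUEUE: reject: RCPT from client.invalid[192.0.2.10]: 550 5.1.1 <nobody@mydomain.example>: Recipient address rejected: User unknown in local recipient table
Aug 18 18:31:00 mx postfix/local[12980]: 9F8E7D6C5: to=<alice@mydomain.example>, relay=local, dsn=2.0.0, status=sent (delivered to maildir)
"""

QID = r'(?P<qid>[0-9A-F]{6,})'
RE_CLIENT = re.compile(r'postfix/smtpd\[\d+\]: ' + QID + r': client=(?P<client>\S+)')
RE_SENDER = re.compile(r'postfix/qmgr\[\d+\]: ' + QID + r': from=<(?P<sender>[^>]*)>')
RE_NDN = re.compile(r'postfix/bounce\[\d+\]: ' + QID + r': sender non-delivery notification: (?P<ndn>[0-9A-F]+)')
RE_BOUNCED = re.compile(r'postfix/local\[\d+\]: ' + QID + r': to=<(?P<rcpt>[^>]*)>.*status=bounced')

def find_backscatter(log_text):
    """Correlate log lines by queue ID and return the messages that were
    accepted from a remote client, failed local delivery, and then caused
    Postfix to send a non-delivery notification to the (forged) sender."""
    msgs = defaultdict(lambda: {"client": None, "sender": None, "bounced": [], "ndn": None})
    for line in log_text.splitlines():
        for rx, key in ((RE_CLIENT, "client"), (RE_SENDER, "sender"), (RE_NDN, "ndn")):
            m = rx.search(line)
            if m:
                msgs[m.group("qid")][key] = m.group(key)
        m = RE_BOUNCED.search(line)
        if m:
            msgs[m.group("qid")]["bounced"].append(m.group("rcpt"))
    # SMTP-time rejects (NOQUEUE) never get a queue ID, so they cannot show up
    # here: rejecting at RCPT time is the behaviour you want instead of accept-then-bounce.
    return {qid: info for qid, info in msgs.items()
            if info["client"] and info["bounced"] and info["ndn"]}

def bounced_recipients(events):
    """Count which local recipients generated the bounces; these are the
    accounts to alias to a real mailbox or to reject at RCPT time."""
    counts = defaultdict(int)
    for info in events.values():
        for rcpt in info["bounced"]:
            counts[rcpt] += 1
    return dict(counts)
```

Run it over a real maillog with `find_backscatter(open("/var/log/maillog").read())`; the second function then tells you which service accounts (mail, uucp, ...) still need an alias or a reject rule.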