Hi Marc,

I have a "little problem" with a mail system.

Last day a colleague received over 200 bounce messages, and this over 10 minutes. O.K., that was all backscatter from a software company in Redmond :( All those messages had an attachment (zip archive) with malware. For a few minutes I was shocked, 'cause how could all the AMaVis hosts at the customer site transport malware in a zip archive?! So I tried to send a new mail with this zip archive to all of our 5 MX, and nowhere was it possible to get past our border filters. :)

So I tried to understand why our AMaVis hosts allowed those faked bounce messages with malware. The only thing I found were these maillog entries:

Sep 8 13:17:10 amavis-cluster-by amavis[23088]: (23088-10) bounce rescued by domain (DSN), <> -> <[email protected]>, date: Tue, 8 Sep 2015 12:41:24 +0200, from: Rosenbaum Group <[email protected]>, message-id: <[email protected]>, return-path: [email protected]

"bounce rescued by domain (DSN)"? What's that? So I tried to ask Google whether or not there is existing news known by others. The only things I found were:

https://www.mail-archive.com/[email protected]/msg11245.html
http://sourceforge.net/p/amavis/mailman/amavis-user/thread/[email protected]/

and

http://www.ijs.si/software/amavisd/
" ... bounce killer feature (requires pen pals SQL logging) checks a header section attached to received non-delivery status notifications, and discards bounces to fake mail which do not refer to our genuine outgoing mail;"

I'm not so familiar with this, what p@trick called "spam and malware over backscatter as esoteric problem ;)", and your "bounce killer feature".

Could you tell me a few more points about what this feature can do and whether it is the right way to ban those attacks? Or does there exist an unknown feature for banning attachments (i.e. zip archives with malware)?

Every hint is useful!

Thanx4help! Have a nice day!

Django
--
"Bonnie & Clyde of the postmaster scene!"
approved by Postfix-God
http://wetterstation-pliening.info
http://dokuwiki.nausch.org
http://wiki.piratenpartei.de/Benutzer:Django
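
The check that the quoted amavisd feature text describes (read the header section attached to a DSN and see whether it refers to mail we really sent), as an added Python example that is not part of the original post and not amavisd's own code. The function names, the `sent_ids` set standing in for the pen pals SQL log, and the sample DSN are all constructed assumptions.

```python
import email
from email import policy

def referenced_message_id(raw_bounce: bytes):
    """Message-ID of the original mail quoted inside a DSN, or None."""
    msg = email.message_from_bytes(raw_bounce, policy=policy.default)
    if msg.get_content_type() != "multipart/report":
        return None
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original attached
            quoted = part.get_payload(0)
        elif ctype == "text/rfc822-headers":   # header section only
            quoted = email.message_from_string(part.get_content(),
                                               policy=policy.default)
        else:
            continue
        mid = quoted["Message-ID"]
        return str(mid).strip() if mid else None
    return None

def classify_bounce(raw_bounce: bytes, sent_ids: set) -> str:
    """sent_ids is a hypothetical stand-in for the log of outgoing mail."""
    mid = referenced_message_id(raw_bounce)
    if mid is None:
        return "unverifiable"
    return "genuine" if mid in sent_ids else "backscatter"

def make_dsn(orig_id: str) -> bytes:
    """Constructed sample DSN (RFC 3464 layout) quoting orig_id."""
    return "\r\n".join([
        "From: MAILER-DAEMON@mx.example.net",
        "To: user@example.org",
        "Subject: Undelivered Mail Returned to Sender",
        "MIME-Version: 1.0",
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"',
        "", "--b1", "Content-Type: text/plain", "", "Delivery failed.",
        "--b1", "Content-Type: message/delivery-status", "",
        "Reporting-MTA: dns; mx.example.net", "",
        "Final-Recipient: rfc822; nobody@example.net",
        "Action: failed", "Status: 5.1.1", "",
        "--b1", "Content-Type: text/rfc822-headers", "",
        f"Message-ID: {orig_id}", "From: user@example.org", "Subject: hello", "",
        "--b1--", "",
    ]).encode("ascii")

if __name__ == "__main__":
    sent = {"<out-1001@example.org>"}   # constructed outgoing-mail log
    for mid in ("<out-1001@example.org>", "<forged-77@elsewhere.example>"):
        print(mid, classify_bounce(make_dsn(mid), sent))
```

A bounce that carries no quoted header section comes back as "unverifiable", so the caller has to decide separately what to do with it.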
