> -----Original Message----- > From: owner-postfix-us...@postfix.org > [mailto:owner-postfix-us...@postfix.org] On Behalf Of jan gestre > Sent: Wednesday, 27 May 2009 5:00 PM > To: postfix-users@postfix.org > Subject: Re: BackScatter Problem > > > If it's backscatter, it should be coming from <>, not a > "valid company > > address". Please show your logs during delivery of the > alleged backscatter. > > > > I don't have anymore the logs from Postfix and I'm not sure > if it really is a backscatter problem, all I have right now is the > following: > > ---------------------- > -----Original Message----- > From: Judy Aguilar [mailto:judyagui...@example.com] > Sent: Tuesday, May 26, 2009 4:41 PM > To: Sheila Villanueva > Subject: Fw: No branding needed! > > Pls see "VIAGRA.Official Site's email address -- creati...@example.com > > Fyi. > > ----- Original Message ----- From: "Biba Cabuquit" > <bibacabuq...@example.com> > To: "VIAGRA . Official Site" <creati...@example.com> > Sent: Tuesday, May 26, 2009 3:16 PM > Subject: No branding needed! > > ------- end--------- > > The creati...@example.com is a valid email address and yet it > has the name VIAGRA Official site, is the mail server the > causing the issue or there is a worm on the users PC that' > causing this. > > > >> My /etc/postfix/header_checks contain only the following: > >> > >> /^Received:/ HOLD > > > > Very odd that you want to hold ALL email with this check. Does > > MailScanner examine messages in the hold queue and then > release them? > > > > MailScanner really examines messages in the HOLD queue > because all emails incoming/outgoing are tagged by > MailScanner as having scanned or I'm totally wrong? >
While others might have better luck trying to divine why you're getting the spam, it's very difficult to do so with a couple of message snips (you haven't even included the full headers). However, as a guess, someone is spoofing the "creati...@example.com" to send spam, and now you're getting the backscatter. It could be any machine on the internet spoofing that address. As for Mailscanner, perhaps it's better to ask over on their support site. If you look at the Addons page on the postfix.org site, it says "* mailscanner system, works with Postfix and other MTAs. WARNING: This software uses unsupported methods to manipulate Postfix queue files directly. This will result in corruption or loss of mail. The mailscanner authors have sofar refused to discuss a proper access API or protocol."
