On 09.07.2010 12:51, Administrator Beckspaced.com wrote:
>  hello robert,
> 
> thanks a lot for your quick reply ...
> actually it is not always the same IP or host sending the error bounces ...
> the bounces are sent from hundreds of different IP addresses ...
> 
> any more ideas?
> 
> thanks for your help & fun
> becki
> 
> 
> below some logs you requested ... change the real email account to
> spamu...@domain.com  ->
> 
> Jul  8 12:20:27 gehirn postfix/smtpd[19857]: NOQUEUE: reject: RCPT from
> crusty.hosts.net.nz[210.48.108.195]: 554 5.7.1 <spamu...@domain.com>:
> Recipient address rejected: Access denied; from=<>
> to=<spamu...@domain.com> proto=SMTP helo=<crusty.hosts.net.nz>
> Jul  8 12:22:08 gehirn postfix/smtpd[19859]: NOQUEUE: reject: RCPT from
> mailx.nlabs.de[92.79.50.220]: 554 5.7.1 <spamu...@domain.com>: Recipient
> address rejected: Access denied; from=<> to=<spamu...@domain.com>
> proto=SMTP helo=<mailx.nlabs.de>
> Jul  8 12:22:48 gehirn postfix/smtpd[19854]: warning: 222.254.188.229:
> address not listed for hostname localhost
> Jul  8 12:23:28 gehirn postfix/smtpd[18358]: NOQUEUE: reject: RCPT from
> port-87-234-220-121.static.qsc.de[87.234.220.121]: 554 5.7.1
> <spamu...@domain.com>: Recipient address rejected: Access denied;
> from=<> to=<spamu...@domain.com> proto=SMTP helo=<mforward>
> Jul  8 12:26:22 gehirn postfix/smtpd[19854]: setting up TLS connection
> from mail.aydin.edu.tr[212.174.169.8]
> Jul  8 12:26:22 gehirn postfix/smtpd[19854]: TLS connection established
> from mail.aydin.edu.tr[212.174.169.8]: TLSv1 with cipher
> DHE-RSA-AES256-SHA (256/256 bits)
> Jul  8 12:26:22 gehirn postfix/smtpd[19854]: NOQUEUE: reject: RCPT from
> mail.aydin.edu.tr[212.174.169.8]: 554 5.7.1 <spamu...@domain.com>:
> Recipient address rejected: Access denied; from=<>
> to=<spamu...@domain.com> proto=ESMTP helo=<Mailsrv.aydin.edu.tr>
> Jul  8 12:27:57 gehirn postfix/smtpd[19850]: NOQUEUE: reject: RCPT from
> svhqgtw02.ethiopianairlines.com[213.55.83.14]: 554 5.7.1
> <spamu...@domain.com>: Recipient address rejected: Access denied;
> from=<> to=<spamu...@domain.com> proto=SMTP
> helo=<svhqgtw02.ethiopianairlines.com>
> Jul  8 12:27:58 gehirn postfix/smtpd[18899]: NOQUEUE: reject: RCPT from
> svhqgtw02.ethiopianairlines.com[213.55.83.14]: 554 5.7.1
> <spamu...@domain.com>: Recipient address rejected: Access denied;
> from=<> to=<spamu...@domain.com> proto=SMTP
> helo=<svhqgtw02.ethiopianairlines.com>
> Jul  8 12:28:27 gehirn postfix/smtpd[18358]: A565C150A7D:
> client=relay02.is.co.za[196.35.6.70]
> Jul  8 12:28:31 gehirn postfix/smtpd[20525]: 78BEC150A7F:
> client=localhost[127.0.0.1]
> Jul  8 12:28:35 gehirn postfix/smtpd[18899]: NOQUEUE: reject: RCPT from
> mx2.lost-oasis.net[80.67.160.52]: 554 5.7.1 <spamu...@domain.com>:
> Recipient address rejected: Access denied; from=<>
> to=<spamu...@domain.com> proto=SMTP helo=<mx2.lost-oasis.net>
> Jul  8 12:29:23 gehirn postfix/smtpd[18899]: NOQUEUE: reject: RCPT from
> defer114.ocn.ad.jp[122.28.15.169]: 554 5.7.1 <spamu...@domain.com>:
> Recipient address rejected: Access denied; from=<>
> to=<spamu...@domain.com> proto=ESMTP helo=<defer114.ocn.ad.jp>
> Jul  8 12:29:49 gehirn postfix/smtpd[19850]: E4B86150AE9:
> client=unknown[184.154.34.69]
> Jul  8 12:29:56 gehirn postfix/smtpd[20525]: 8B7F4150AF6:
> client=localhost[127.0.0.1]
> Jul  8 12:30:43 gehirn postfix/smtpd[19854]: NOQUEUE: reject: RCPT from
> post.vrus.de[85.182.133.62]: 554 5.7.1 <spamu...@domain.com>: Recipient
> address rejected: Access denied; from=<>
> 
> On 7/9/2010 12:42, Robert Schetterer wrote:
>> On 09.07.2010 12:35, Administrator Beckspaced.com wrote:
>>>   hello there,
>>>
>>> i'm running a postfix 2.4.6 on an opensuse box.
>>> postfix has amavisd-new with spamassassin installed ...
>>>
>>> since a few weeks one of my email accounts gets bombarded with thousands
>>> of SPAM mailer daemon error bounces.
>>> could not deliver message ... bla bla bla ...
>>>
>>> it's getting really annoying as there are thousands of error bounces
>>> coming in every single day.
>>>
>>> looks like that the email address ended up on some SPAM mailing lists
>>> ... and now the mailbox receives all this error message junk
>>>
>>> so ... what's the best strategy to get rid of this problem?
>>>
>>> already had a quick look ... and the error bounces come in with an empty
>>> <> from address ...
>>> which seems to be standard for this ... and by default postfix doesn't
>>> block empty from addresses <>
>>>
>>> so what's the best thing to do to get rid of those thousand error email
>>> bounces?
>>>
>>> thing is that the customer urgently needs this email account as it is
>>> signed up at many service providers.
>>>
>>> could i do a header check for this single email account and reject the
>>> empty from address <> for that email account only?
>>> what are my options? what's the smartest thing to do??
>>>
>>> thanks a lot for your help & service
>>>
>>> with best regards
>>> becki
>>>
>> if it is always the same host sending backscatter
>> simply block the host by access list and/or firewall
>>
>> let's see some logs, there are many ways to deal with backscatter
>>
> 

please don't top post,

do they always have the same body?
or similar bodies which might be matched
with some body_checks

something like

main.cf:
body_checks = pcre:/etc/postfix/body_checks

/etc/postfix/body_checks:
/sunstarcasino\.net/ REJECT backscatter


-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria
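
Added example, not part of the original thread: the quoted logs show null-sender (from=<>) rejects arriving from many unrelated hosts, which is why per-host blocking does not help. This Python code counts such rejects per recipient and the distinct client IPs behind them; the sample lines, host names and the min_clients threshold are constructed assumptions, and each log event is assumed to sit on one unwrapped line.

```python
import re
from collections import defaultdict

# One Postfix smtpd RCPT reject event: client host/IP, reply code, envelope sender, recipient.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>\S+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) .*?"
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

# Constructed sample log (documentation IP ranges, example domains), shaped like the
# lines quoted in the thread but not copied from it.
SAMPLE_LOG = """\
Jul  8 12:20:27 mx postfix/smtpd[1001]: NOQUEUE: reject: RCPT from mta1.example.net[192.0.2.10]: 554 5.7.1 <user@example.com>: Recipient address rejected: Access denied; from=<> to=<user@example.com> proto=SMTP helo=<mta1.example.net>
Jul  8 12:22:08 mx postfix/smtpd[1002]: NOQUEUE: reject: RCPT from mta2.example.org[198.51.100.20]: 554 5.7.1 <user@example.com>: Recipient address rejected: Access denied; from=<> to=<user@example.com> proto=SMTP helo=<mta2.example.org>
Jul  8 12:26:22 mx postfix/smtpd[1003]: TLS connection established from mta3.example.com[203.0.113.30]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jul  8 12:26:22 mx postfix/smtpd[1003]: NOQUEUE: reject: RCPT from mta3.example.com[203.0.113.30]: 554 5.7.1 <user@example.com>: Recipient address rejected: Access denied; from=<> to=<user@example.com> proto=ESMTP helo=<mta3.example.com>
Jul  8 12:26:23 mx postfix/smtpd[1004]: NOQUEUE: reject: RCPT from mta3.example.com[203.0.113.30]: 554 5.7.1 <user@example.com>: Recipient address rejected: Access denied; from=<> to=<user@example.com> proto=ESMTP helo=<mta3.example.com>
Jul  8 12:28:27 mx postfix/smtpd[1005]: A565C150A7D: client=relay.example.net[192.0.2.99]
Jul  8 12:30:43 mx postfix/smtpd[1006]: NOQUEUE: reject: RCPT from mta4.example.net[192.0.2.44]: 554 5.7.1 <other@example.com>: Recipient address rejected: Access denied; from=<sender@example.org> to=<other@example.com> proto=SMTP helo=<mta4.example.net>
"""

def summarize_null_sender_rejects(log_text):
    """Return {recipient: {"rejects": n, "clients": set of IPs}} for from=<> rejects only."""
    stats = defaultdict(lambda: {"rejects": 0, "clients": set()})
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m or m.group("sender") != "":
            continue  # not a reject line, or a reject with a real envelope sender
        entry = stats[m.group("rcpt").lower()]
        entry["rejects"] += 1
        entry["clients"].add(m.group("ip"))
    return dict(stats)

def backscatter_targets(stats, min_clients=3):
    """Recipients whose null-sender rejects come from at least min_clients distinct IPs."""
    return sorted(r for r, s in stats.items() if len(s["clients"]) >= min_clients)

if __name__ == "__main__":
    for rcpt, s in summarize_null_sender_rejects(SAMPLE_LOG).items():
        print(rcpt, s["rejects"], "rejects from", len(s["clients"]), "distinct clients")
```

A recipient with many null-sender rejects spread over many client IPs matches the pattern described in the thread, where content-based matching (body_checks) is the lever rather than an IP access list.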
