On 9/6/2010 6:27 PM, Alex Brown wrote:
I'd like to know what configuration option within Postfix I
can use to block this spam.
The mail is addressed to users at a hosted domain on my server
and it's being relayed by a trusted spam filtering server.
That domain, domain1.ca, has spam filtering turned off based
on the owner's request. The addresses on my server are not the
actual intended recipients. Those addresses are just being
used to turn my server into a relay. I've listed an example of
one of the spam messages below but I'm particularly interested
in the following section:
named_attribute: dsn_orig_rcpt=rfc822;b...@hosteddomain1.ca
original_recipient:
done_recipient: bradba...@anotherdomain2.ca
named_attribute: dsn_orig_rcpt=rfc822;la...@hosteddomain1.ca
original_recipient:
recipient: lrobert...@anotherdomain3.com
You seem to be under the mistaken impression the spammer
controls the forwarding.
Looks as if brad and laird have configured their hosted domain
to forward mail to their main accounts. If you allow folks to
forward, sometimes there are consequences.
How can I prevent this message from being forwarded to those
addresses at anotherdomain2.ca and anotherdomain3.ca?
Your customer requested and/or configured the forwarding. You
can tell them not to do that.
My server is not configured as a open relay and I only allow
mynetworks and sasl_authenticated users to send/relay mail.
Due to the lack of server resources at the moment, turning on
Amavis is not an option right now because the spam filtering
makes the load very high on the server and creates long delays
in mail delivery.
Is there anything I can do?
This is a social problem, not a technical one.
Your technical choices are few; none of them really good.
- turn off forwarding for accounts that don't accept (or
accept and bounce) messages.
- configure better spam filters on your system. Some folks
seem to have good luck with lighter-weight filtering than
SpamAssassin, such as dspam. I've had good luck using clamav
with the Sanesecurity add-on spam signatures.
- I don't feel like typing any more useless suggestions...
Here's a copy of the spam message what was deferred due to the
fact that the receiving server at domain3.com was refusing the
message.
Sending copies of spam to the list is a good way to reduce the
number of people who see your message. If you think the
content is important (it's not), put it online somewhere eg.
pastbin.com.
-- Noel Jones
