On 22.03.2011 05:38, Simon wrote:
> Hi There,
>
> We are using postfix on debian lenny. Everything is mysql backed and
> we are using amavisd-new (spamassassin with daily updates from
> saupdates.openprotect.com and updates.spamassassin.org & clam-av),
> postfix-policy greylisting and postfix-policyd-spf-python. All updates
> applied.
>
> But we are still getting hammered by backscatter spam (like the below)
> and are hoping to get the list's input on where to head in terms of
> getting this sorted... it seems like everything we look at just does
> not quite suit our setup.
>
> Many thanks in advance!!!!
>
> Simon

Backscatter is not easily handled. First, as a cheap way, use SPF and DKIM; this may help a little. Read
http://www.postfix.org/BACKSCATTER_README.html

>
> Received: from psmtp.com ([64.18.3.158]) by mosesafonso.com with Microsoft
> SMTPSVC(6.0.3790.3959); Sun, 20 Mar 2011 14:18:35 -0400
> Received: from source ([93.85.177.92]) by exprod8mx291.postini.com
> ([64.18.7.13]) with SMTP;
> Sun, 20 Mar 2011 14:18:34 EDT
> Received: from 93.85.177.92 (account 0-0-0-0-cbouys...@microapp.com
> HELO syccjjv.pqhsfgogqp.com)
> by (CommuniGate Pro SMTP 5.2.3)
> with ESMTPA id 932104756 for sbow...@mosesafonso.com; Sun, 20 Mar
> 2011 20:18:34 +0200
> To: <sbow...@mosesafonso.com>
> Subject: Re: CV
> From: <no-reply-...@financeinfrance.com>
> MIME-Version: 1.0
> Importance: High
> Content-Type: text/html
> X-pstn-neptune: 1/1/1.00/86
> X-pstn-levels: (S: 0.00445/92.75607 CV:99.9000 FC:95.5390 LC:95.5390
> R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
> Message-ID: <2322245927972554085239078162...@psmtp.com>
> Return-Path: {user}@{clientdomain}.com
> X-OriginalArrivalTime: 20 Mar 2011 18:18:35.0168 (UTC)
> FILETIME=[39EDB200:01CBE72B]
> Date: Sun, 20 Mar 2011 14:18:35 -0400
>
> Our setup:
>
> We have 2 x inbound mail servers (mail-in1 & mail-in2, which are
> identical in setup and do simple load balancing) that do the above,
> once filtered the mail is sent to a dbmail cluster. Our clients are
> all over the place, connecting via the internet to our dbmail service
> (e.g. not a lan). We then have two separate outgoing mail servers,
> mail-out1 and mail-out2. mail-out1 is used by our client base who
> connect with authenticated SMTP, mail-out2 backs up our other servers
> (such as web servers etc) to allow them to send email.
>
> # postconf -n
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> body_checks = regexp:/etc/postfix/body_checks
> config_directory = /etc/postfix
> content_filter = smtp-amavis:[127.0.0.1]:10024
> inet_interfaces = all
> mailbox_size_limit = 0
> maximal_backoff_time = 2000
> message_size_limit = 52428800
> mime_header_checks = regexp:/etc/postfix/mime_header_checks.regexp
> minimal_backoff_time = 500
> mydestination = mysql:/etc/postfix/mysql-transport.cf
> myhostname = mail-in1.{ourdomain}.net
> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
> myorigin = /etc/mailname
> queue_run_delay = 500
> readme_directory = no
> recipient_delimiter = +
> relayhost =
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> smtpd_data_restrictions =
>     reject_unauth_pipelining,
>     permit
> smtpd_recipient_restrictions =
>     permit_mynetworks,
>     reject_unauth_destination,
>     reject_unknown_sender_domain,
>     reject_unknown_recipient_domain,
>     reject_invalid_hostname,
>     reject_non_fqdn_sender,
>     reject_non_fqdn_recipient,
>     reject_rbl_client zen.spamhaus.org,
>     check_client_access pcre:/etc/postfix/fqrdns.pcre,
>     #check_sender_access hash:/etc/postfix/check_backscatterer,
>     check_policy_service unix:private/policyd-spf,
>     check_policy_service inet:127.0.0.1:10031,
>     permit
> smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
> smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtpd_use_tls = yes
> transport_maps = mysql:/etc/postfix/mysql-transport.cf
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = mysql:/etc/postfix/mysql-aliases.cf

--
Best Regards
MfG Robert Schetterer

Germany/Munich/Bavaria