Le 22/03/2011 05:38, Simon a écrit :
> Hi There,
>
> We are using postfix on debian lenny. Everything is mysql backed and
> we are using amavisd-new (spamassassin with daily updates from
> saupdates.openprotect.com and updates.spamassassin.org & clam-av),
> postfix-policy greylisting and postfix-policyd-spf-python. All updates
> applied.
>
> But we are still getting hammered by backscatter spam (like the below)
> and are hoping to get the lists input with where to head in terms of
> getting this sorted... it seems like everything we look at just does
> not quite suit our setup.
>
> Many thanks in advance!!!!
>
> Simon
>
> Received: from psmtp.com ([64.18.3.158]) by mosesafonso.com with Microsoft
> SMTPSVC(6.0.3790.3959); Sun, 20 Mar 2011 14:18:35 -0400
> Received: from source ([93.85.177.92]) by exprod8mx291.postini.com
> ([64.18.7.13]) with SMTP;
> Sun, 20 Mar 2011 14:18:34 EDT
> Received: from 93.85.177.92 (account 0-0-0-0-cbouys...@microapp.com
> HELO syccjjv.pqhsfgogqp.com)
> by (CommuniGate Pro SMTP 5.2.3)
> with ESMTPA id 932104756 for sbow...@mosesafonso.com; Sun, 20 Mar
> 2011 20:18:34 +0200
> To: <sbow...@mosesafonso.com>
> Subject: Re: CV
> From: <no-reply-...@financeinfrance.com>
> MIME-Version: 1.0
> Importance: High
> Content-Type: text/html
> X-pstn-neptune: 1/1/1.00/86
> X-pstn-levels: (S: 0.00445/92.75607 CV:99.9000 FC:95.5390 LC:95.5390
> R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
> Message-ID: <2322245927972554085239078162...@psmtp.com>
> Return-Path: {user}@{clientdomain}.com
> X-OriginalArrivalTime: 20 Mar 2011 18:18:35.0168 (UTC)
> FILETIME=[39EDB200:01CBE72B]
> Date: Sun, 20 Mar 2011 14:18:35 -0400
>
1) nothing in your sample shows that you use postfix.
if using postfix, why is Return-Path in the middle of headers?
2) given the return-path you show, this is not backscatter. maybe you
meant envelope sender forgery?
3) 93.85.177.92 is listed in ZEN and BRBL among other lists.
