Re: Flooded with emails to root -- URGG
On Thursday 25 September 2008 09:40:34 Chris Pratt wrote: On Sep 25, 2008, at 9:34 AM, David Southwell wrote: Hi I am running postfix. Am receiving a flood of emails that appear to emanate from Servers who have received spam that has masqueraded [EMAIL PROTECTED] as the email source. Could anyone please suggest the best way of dealing with these. Please bear in mind I am not all that familiar with postfix so if anyone feels treating me like an idiot and spoonfeeding the actual command s to use I would be most appreciative chuckles I have no idea what a command would be to stop receipt. Cutting off the original generation of the emails being spoofed is more to the point. You may want to look at SPF (openspf.org). If your domain is listed with an spf entry in DNS, you become less tempting as a domain to spoof. Over time, it will all but cease. Once you've created an SPF DNS record, many servers receiving mail spoofed for your domain will begin to drop it rather than backscatter emails back to your server. You should study the information on their site but in a nutshell, you create a TXT record in DNS that lists your servers IP as the only valid machine to send mail for your domain. This tells the others to drop emails from other IPs using your domain. It's relatively effective and painless. Thank you That really did the trick.. Within two hours the flood of backscatter (about 400 an hour) was virtually gone That was great advice David ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Flooded with emails to root -- URGG
On Sep 25, 2008, at 9:34 AM, David Southwell wrote: Hi I am running postfix. Am receiving a flood of emails that appear to emanate from Servers who have received spam that has masqueraded [EMAIL PROTECTED] as the email source. Could anyone please suggest the best way of dealing with these. Please bear in mind I am not all that familiar with postfix so if anyone feels treating me like an idiot and spoonfeeding the actual command s to use I would be most appreciative chuckles I have no idea what a command would be to stop receipt. Cutting off the original generation of the emails being spoofed is more to the point. You may want to look at SPF (openspf.org). If your domain is listed with an spf entry in DNS, you become less tempting as a domain to spoof. Over time, it will all but cease. Once you've created an SPF DNS record, many servers receiving mail spoofed for your domain will begin to drop it rather than backscatter emails back to your server. You should study the information on their site but in a nutshell, you create a TXT record in DNS that lists your servers IP as the only valid machine to send mail for your domain. This tells the others to drop emails from other IPs using your domain. It's relatively effective and painless. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Flooded with emails to root -- URGG
David Southwell [EMAIL PROTECTED] writes: I am running postfix. Am receiving a flood of emails that appear to emanate from Servers who have received spam that has masqueraded [EMAIL PROTECTED] as the email source. Could anyone please suggest the best way of dealing with these. Please bear in mind I am not all that familiar with postfix so if anyone feels treating me like an idiot and spoonfeeding the actual command s to use I would be most appreciative chuckles http://www.postfix.org/BACKSCATTER_README.html I have just installed procmail but not yet activated it. (Incidentally I do have a number of virtual domains but the only one that seems to get flooded is the primary hostname. There have also been numerous failed hacking attempts on to the system but as they keep trying to get in using services that are not actually running they have got nowhere (so far!!) As far as you know. ;-) -- Lowell Gilbert, embedded/networking software engineer, Boston area http://be-well.ilk.org/~lowell/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]