Spam increasing rapidly.


Diego83
Hello.
Our mail server (running postfix 2.3.8, 15+ users) is receiving more and more spam every week. Right now we are receiving almost 10K spam messages per day (last week it was 5K), most of them are sent to two accounts which, unfortunately for now, cannot be deleted.
Our Postfix configuration does not have any restrictions, I mean no message is rejected and amavis is configured to only add a spam tag to the subject.
I was considering enabling RBL restrictions.
My question is, as messages in RBL lists are rejected (is this right?), wouldn't this make me a source of backscatter?

Any help is greatly appreciated.
Thanks.
Diego.

Re: Spam increasing rapidly.

Wietse Venema
Diego Ledesma:
> Hello.
> Our mail server (running postfix 2.3.8, 15+ users) is receiving more and more
> spam every week. Right now we are receiving almost 10K spam messages per day
> (last week it was 5K), most of them are sent to two accounts which,
> unfortunately for now, cannot be deleted.

If this mail is logged as "from=<>" then you don't have a spam
problem, but rather, a backscatter problem.

> Our Postfix configuration does not have any restrictions, I mean no message
> is rejected and amavis is configured to only add a spam tag to the subject.
> I was considering enabling RBL restrictions.
> My question is, as messages in RBL lists are rejected (is this right?),
> wouldn't this make me a source of backscatter?

Backscatter would happen only if there is some other machine between
your Postfix and the internet.

        Wietse
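
The check suggested in the reply above, as an added example that is not part of the original post: it joins Postfix qmgr `from=<...>` lines to delivery lines by queue ID and reports, per recipient, how much delivered mail carried the null sender. The log lines are constructed samples, and the short hexadecimal queue ID format is assumed.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format; hosts and addresses are made up.
SAMPLE_LOG = """\
Jan 10 10:00:01 mx postfix/qmgr[811]: 3F2A11C0D1: from=<>, size=4211, nrcpt=1 (queue active)
Jan 10 10:00:02 mx postfix/local[902]: 3F2A11C0D1: to=<info@example.org>, relay=local, delay=0.4, status=sent (delivered to mailbox)
Jan 10 10:00:05 mx postfix/qmgr[811]: 7B9C22D0E2: from=<promo@spam.example>, size=1930, nrcpt=1 (queue active)
Jan 10 10:00:06 mx postfix/local[903]: 7B9C22D0E2: to=<info@example.org>, relay=local, delay=0.3, status=sent (delivered to mailbox)
Jan 10 10:00:09 mx postfix/qmgr[811]: 9D4E33F1A3: from=<>, size=5120, nrcpt=1 (queue active)
Jan 10 10:00:10 mx postfix/local[904]: 9D4E33F1A3: to=<sales@example.org>, relay=local, delay=0.5, status=sent (delivered to mailbox)
Jan 10 10:00:12 mx postfix/qmgr[811]: 3F2A11C0D1: removed
"""

# qmgr logs the envelope sender once per queue ID; from=<> is the null sender
# used by bounces and other delivery status notifications.
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>")
# Delivery agents (local, virtual, smtp, ...) log the recipient under the same queue ID.
TO_RE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]+): to=<([^>]*)>.*status=sent")


def null_sender_share(log_text):
    """Return {recipient: (null_sender_deliveries, total_deliveries)}."""
    sender_by_qid = {}
    counts = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if m:
            sender_by_qid[m.group(1)] = m.group(2)
            continue
        m = TO_RE.search(line)
        if m and m.group(1) in sender_by_qid:
            qid, rcpt = m.groups()
            counts[rcpt][1] += 1
            if sender_by_qid[qid] == "":
                counts[rcpt][0] += 1
    return {rcpt: tuple(c) for rcpt, c in counts.items()}


if __name__ == "__main__":
    for rcpt, (null, total) in sorted(null_sender_share(SAMPLE_LOG).items()):
        print(f"{rcpt}: {null}/{total} delivered with from=<>")
```

A recipient whose deliveries are mostly `from=<>` is receiving bounces for mail it never sent, which is the backscatter case rather than ordinary spam.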
Re: Spam increasing rapidly.

mouss-2
Diego Ledesma wrote:

> Hello.
> Our mail server (running postfix 2.3.8, 15+ users) is receiving more and more
> spam every week. Right now we are receiving almost 10K spam messages per day
> (last week it was 5K), most of them are sent to two accounts which,
> unfortunately for now, cannot be deleted.
> Our Postfix configuration does not have any restrictions, I mean no message
> is rejected and amavis is configured to only add a spam tag to the subject.
> I was considering enabling RBL restrictions.
> My question is, as messages in RBL lists are rejected (is this right?),
> wouldn't this make me a source of backscatter?
>

No, reject != bounce.

when your postfix rejects a transaction, it issues an smtp error code.
it is the sending MTA that will generate a bounce to the sender, but
this is not your problem.

here is something to start with

smtpd_recipient_restrictions =
        permit_mynetworks
        reject_unauth_destination
        reject_non_fqdn_sender
        reject_non_fqdn_recipient
        reject_invalid_helo_hostname
        reject_unlisted_recipient
        reject_unlisted_sender
        #reject_non_fqdn_helo_hostname
        reject_rbl_client zen.spamhaus.org

reject_non_fqdn_helo_hostname is effective (it rejects about 15% here),
but it may block mail from misconfigured sites. it is up to you to use
it or not.

Re: Spam increasing rapidly.

mouss-2
mouss wrote:

> Diego Ledesma wrote:
>> Hello.
>> Our mail server (running postfix 2.3.8, 15+ users) is receiving more and more
>> spam every week. Right now we are receiving almost 10K spam messages per day
>> (last week it was 5K), most of them are sent to two accounts which,
>> unfortunately for now, cannot be deleted.
>> Our Postfix configuration does not have any restrictions, I mean no message
>> is rejected and amavis is configured to only add a spam tag to the subject.
>> I was considering enabling RBL restrictions.
>> My question is, as messages in RBL lists are rejected (is this right?),
>> wouldn't this make me a source of backscatter?
>>
>
> No, reject != bounce.
>
> when your postfix rejects a transaction, it issues an smtp error code.
> it is the sending MTA that will generate a bounce to the sender, but
> this is not your problem.

by the "sending MTA", I meant the one that connects to your postfix. if
this server is under your control, it will generate backscatter. in
short, you can only reject mail at the edge of your network (when one of
your servers receives it from a network with no relationship with you).


>
> here is something to start with
>
> smtpd_recipient_restrictions =
>     permit_mynetworks
>     reject_unauth_destination
>     reject_non_fqdn_sender
>     reject_non_fqdn_recipient
>     reject_invalid_helo_hostname
>     reject_unlisted_recipient
>     reject_unlisted_sender
>     #reject_non_fqdn_helo_hostname
>     reject_rbl_client zen.spamhaus.org
>
> reject_non_fqdn_helo_hostname is effective (it rejects about 15% here),
> but it may block mail from misconfigured sites. it is up to you to use
> it or not.
>
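
To check the "reject != bounce" point on a running server, the following added example (not part of the original posts) counts in-session SMTP rejections against non-delivery notifications that Postfix itself generated. The log lines are constructed samples in Postfix syslog format, with documentation-range addresses.

```python
import re
from collections import Counter

# Constructed sample log; client addresses use the 192.0.2.0/24 documentation range.
SAMPLE_LOG = """\
Jan 10 11:00:01 mx postfix/smtpd[700]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org; from=<a@spam.example> to=<info@example.org> proto=SMTP helo=<pc>
Jan 10 11:00:03 mx postfix/smtpd[700]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 550 5.1.1 <nobody@example.org>: Recipient address rejected: User unknown in local recipient table; from=<b@spam.example> to=<nobody@example.org> proto=ESMTP helo=<x.example>
Jan 10 11:00:07 mx postfix/bounce[741]: 5A1B2C3D4E: sender non-delivery notification: 6F7A8B9C0D
Jan 10 11:00:09 mx postfix/smtpd[701]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org; from=<c@spam.example> to=<sales@example.org> proto=SMTP helo=<pc>
"""

# A rejection during the SMTP session: nothing was queued, so this server sends no bounce.
REJECT_RE = re.compile(r"postfix/smtpd\[\d+\]: NOQUEUE: reject: \w+ from \S+: (\d{3}) ")
RBL_RE = re.compile(r"blocked using ([^;\s]+)")
# A bounce this server created for mail it had already accepted.
BOUNCE_RE = re.compile(r"postfix/bounce\[\d+\]: [0-9A-F]+: sender non-delivery notification")


def reject_vs_bounce(log_text):
    """Return ({reject_reason: count}, bounces_generated_locally)."""
    rejects = Counter()
    bounces = 0
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            rbl = RBL_RE.search(line)
            # Group RBL hits by zone, everything else by SMTP reply code.
            rejects[rbl.group(1) if rbl else "smtp " + m.group(1)] += 1
        elif BOUNCE_RE.search(line):
            bounces += 1
    return dict(rejects), bounces


if __name__ == "__main__":
    rejects, bounces = reject_vs_bounce(SAMPLE_LOG)
    print("rejected in session:", rejects)
    print("bounces generated by this server:", bounces)
```

On an edge server that rejects during the SMTP session, the bounce count should stay near zero; a growing count means mail is being accepted first and bounced afterwards.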