On 2008-05-28 Jan Steinman wrote:
> I woke up to find over 4,000 failed spams, returned to the postmaster
> account for one of the domains I host. Some spammer is forging that
> address as their "From:" address, and thousands of MTAs are rejecting
> the spam for various reasons, and it's all coming back to me.
>
> They were coming in faster than I could delete them, so I disabled the
> postmaster account. But this has serious repercussions, as many
> mailing lists automatically reject email that comes from domains that
> lack a postmaster address, and the various RFCs require it, as well.
>
> This has happened to me before, and I patiently went through the first
> dozen or so, working with dig and whois, and made IDENTITY THEFT
> complaints to the spammers' ISPs, and it slowed the problem down, but
> I don't have time for that today.
>
> Anyone care to share their favourite tips and tricks for dealing with
> this?

Well, for postmaster it's pretty easy: simply reject all bounces to that
address via smtpd_recipient_restrictions (check_recipient_access). Since
you don't send mail from postmaster@ there's no way at all a bounce to
that address could be valid.

As a more general approach I'm just in the middle of evaluating
something I came across a short while ago. Looks rather promising:

- add a random string (e.g. "abcde") as a new subdomain in DNS
- have Postfix rewrite the envelope_from of outgoing mail from
  email@hidden to email@hidden
- accept bounces only for abcde.example.com
- reject all other bounces
- accept regular mail only for example.com, not for abcde.example.com
- change the bounce domain on a regular basis

Downsides are AFAICS:

- requires quite a bit of manual configuration in Postfix
- requires some scripting for the updates
- may cause problems with mailing lists in case they strictly check the
  envelope_from (I'm looking into that right now)

Comments anyone?

Regards
Ansgar Wiechers
--
"Another option [for defragmentation] is to back up your important files,
erase the hard disk, then reinstall Mac OS X and your backed up files."
--http://docs.info.apple.com/article.html?artnum=25668
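
The accept/reject rules from the message above, written as the decision logic of a Postfix policy service. This is an added example, not part of the original post: the function names, the NEVER_SENDS set and keeping more than one bounce subdomain active are assumptions; example.com and "abcde" are the post's own sample names.

```python
"""Decision logic for a Postfix policy service (name=value request, action= reply)."""
import sys

# "abcde" is the sample subdomain from the post. Keeping the previous value in
# the set for a while after rotation lets late bounces still arrive (assumption).
BOUNCE_DOMAINS = {"abcde.example.com"}
NEVER_SENDS = {"postmaster@example.com"}  # addresses that never originate mail


def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


def decide(attrs):
    """Return the Postfix action for one RCPT TO, following the scheme in the post."""
    sender = attrs.get("sender", "").lower()
    recipient = attrs.get("recipient", "").lower()
    domain = recipient.rpartition("@")[2]
    if sender == "":  # bounces use the null sender <>, passed as an empty value
        if recipient in NEVER_SENDS:
            return "REJECT this address does not send mail"
        if domain in BOUNCE_DOMAINS:
            return "DUNNO"  # no verdict: later restrictions still apply
        return "REJECT bounce to an address that is not a return path"
    if domain in BOUNCE_DOMAINS:
        return "REJECT this domain accepts bounces only"
    return "DUNNO"


def main():
    """Answer requests on stdin/stdout, as when started through spawn(8)."""
    block = []
    for line in sys.stdin:
        if line.strip():
            block.append(line.rstrip("\n"))
            continue
        print("action=" + decide(parse_request("\n".join(block))) + "\n", flush=True)
        block = []


if __name__ == "__main__":
    main()
```

Postfix would call such a service through check_policy_service in smtpd_recipient_restrictions; the script answers DUNNO rather than OK so that it never overrides the relay checks that follow it.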