
Question Backscatter

Mitti

New Pleskian
Hi all,

I have been a Plesk user for a couple of years now and I'd say I have really strong know-how about server systems. However, for a few weeks now, I have had a new crazy issue on our hosting server: it is always on a backscatter blacklist and client emails are blocked by other mail servers.

The blacklist (Backscatterer.org powered by UCEPROTECT) shows me the timestamp and in the maillog I can see several entries like

postfix/qmgr[581]: E20DE81224: from=<>, size=7926, nrcpt=1 (queue active)

but I don't find any reason. I also logged in at the server through telnet (25) and manually sent a message without a sender to an external domain, which was blocked due to denied relay access. In a next step I tried to send it to a local recipient on the server without a sender which worked out. This was a mailbox with forwarding to an external address where I have received the mail (and it showed Mailer-Daemon as sender).

I am not sure what to do; but backscatter says that it finds every day an entry....

Anyone got an idea?

Thanks
Manuel
 
Hello,

I had a similar problem and I found out that the problem is the bounce mails from MAILER-DAEMON.

So, spam was sent to non-existent mailboxes and the MAILER-DAEMON tries to return a bounce message. As the sending mail address is forged, this bounce can't be sent, so the mail stays in the queue and delivery is retried again and again.

I use a cron script which scans the mail queue once an hour for this MAILER-DAEMON and flushes them.

So, first use a cron for
  • /usr/sbin/postqueue -f
once an hour, which tries to send legitimate mails from the daemon in mailqueue again.
Then, about 2-3 minutes later, use this cron to flush the mails which can't be sent:
  • mailq|gawk '/MAILER-DAEMON/ { print $1 }'|/usr/sbin/postsuper -d -
Now the mailqueue cleans itself once an hour and most blacklists accept this, as this is the only try to send the spam-mails.

#edit
Changed "postqueue -f" to "/usr/sbin/postqueue -f"
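
Added example (not from either poster): a shell function that follows each null-sender message (`from=<>`) in a Postfix maillog back to the message that triggered the bounce, using the `sender non-delivery notification` line the bounce daemon logs under the original queue ID. The function names are hypothetical, and the log lines, hostnames and addresses are constructed around the queue ID quoted in the question.

```shell
#!/bin/sh
# Reads a Postfix maillog on stdin and prints one line per null-sender message.
trace_backscatter() {
  awk '
    function val(a, k) { return (k in a) ? a[k] : "-" }
    function field(re, skip,   s) {   # address between < and > after a key
      if (!match($0, re)) return "-"
      s = substr($0, RSTART + skip, RLENGTH - skip - 1)
      return (s == "" ? "<>" : s)
    }
    {                                 # queue ID follows "postfix/<daemon>[pid]:"
      qid = ""
      for (i = 1; i < NF; i++)
        if ($i ~ /^postfix\/[a-z]+\[[0-9]+\]:$/) { qid = $(i + 1); break }
      if (qid !~ /^[0-9A-Za-z]+:$/ || qid == "NOQUEUE:") next
      sub(/:$/, "", qid)
    }
    / from=</ {
      sender[qid] = field(" from=<[^>]*>", 7)
      if (sender[qid] == "<>" && !(qid in seen)) { seen[qid] = 1; order[++n] = qid }
    }
    / to=</ {
      rcpt[qid] = field(" to=<[^>]*>", 5)
      if (match($0, /status=[a-z]+/)) status[qid] = substr($0, RSTART + 7, RLENGTH - 7)
    }
    /sender non-delivery notification: / { cause[$NF] = qid }
    END {
      for (k = 1; k <= n; k++) {
        b = order[k]; c = val(cause, b)
        printf "%s bounce_to=%s status=%s cause=%s cause_from=%s cause_to=%s\n",
               b, val(rcpt, b), val(status, b), c, val(sender, c), val(rcpt, c)
      }
    }'
}

# Constructed sample log: spam to an unknown mailbox, then the resulting bounce.
sample_maillog() {
  cat <<'EOF'
Mar  3 10:15:00 host postfix/smtpd[500]: 3A1B2C4D5E: client=unknown[198.51.100.7]
Mar  3 10:15:00 host postfix/qmgr[581]: 3A1B2C4D5E: from=<forged@victim.example>, size=5120, nrcpt=1 (queue active)
Mar  3 10:15:01 host postfix/virtual[600]: 3A1B2C4D5E: to=<nobody@hosted.example>, relay=virtual, delay=0.4, dsn=5.1.1, status=bounced (unknown user)
Mar  3 10:15:01 host postfix/bounce[610]: 3A1B2C4D5E: sender non-delivery notification: E20DE81224
Mar  3 10:15:01 host postfix/qmgr[581]: E20DE81224: from=<>, size=7926, nrcpt=1 (queue active)
Mar  3 10:15:03 host postfix/smtp[620]: E20DE81224: to=<forged@victim.example>, relay=mx.victim.example[203.0.113.5]:25, delay=1.9, dsn=4.7.1, status=deferred (blocked)
EOF
}

sample_maillog | trace_backscatter
```

On a real server, feed it the maillog covering the timestamp the blacklist reports; the `cause_to` column then shows which local address accepted the message that was later bounced.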
 