I'm currently facing backscattering spam (Bounce from Mailer-daemon) and I believe I have found why.
Configuration:
Plesk 11.0.9, Centos 5, Postfix 2.8.4-12052415
SPF (v=spf1 a mx ip4:<ip> -all)
Domain key verification is on and set up
I have 2 domains for the server, domain.com & domain.net. domain.net is used for hostname and NameServers whereas domain.com is used for the website & email with domain.net as an alias.
All accounts on the server are set to 'reject' mail for users not found. What I have found is that if I send an email to any of the following, the server sends a bounce reply:
[email protected]
[email protected]
[email protected]
etc.
Why does the server not just reject everything? By this logic, if someone has domain2.tld pointed at my server, it'll send out bounce messages to any email that they send to that domain. I tested it by sending mail to a non-existing subdomain of a customer and I received a bounce.
Responses-------------
non-existing subdomain:
<[email protected]>: Host or domain name not found. Name service error
for name=sub.domain2.tld type=AAAA: Host not found
my alias:
<[email protected]>: User unknown in virtual alias table
main & alias false subdomain:
<[email protected]>: mail for domain.net loops back to myself
-----------------------
What can I do to entirely disable bounce messages and stop these spam messages? And this should be a global option in Plesk on how to handle any message not handled by the accounts.
Thank you.
EDITS:
postfix/main.cf contains 'unknown_local_recipient_reject_code = 550'
-----Example Header of spam being sent------------
X-No-Auth: unauthenticated sender
Received: from sub.domain.com (unknown [127.0.0.1])
    by hostname (Postfix) with SMTP id BF4D5C1E976
    for <person>; Thu, 3 Jan 2013 00:57:47 -0500 (EST)
Date: Thu, 3 Jan 2013 00:57:47 +0000 (UTC)
From: LinkedIn Support <[email protected]>
To: <person>
Message-ID: <[email protected]>
Subject: Support sent you a private message
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit
--------------------------------------------------
--------Example of Backscatter--------------------
Received: by hostname (Postfix)
    id 6D561C1CB84; Wed, 2 Jan 2013 17:40:48 -0500 (EST)
Date: Wed, 2 Jan 2013 17:40:48 -0500 (EST)
From: MAILER-DAEMON@hostname (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: person
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
    boundary="21D58C1CB7F.1357166448/hostname"
Message-Id: <20130102224048.6D561C1CB84@hostname>
--------------------------------------------------
Code:
alias_maps = hash:/etc/aliases, hash:/var/spool/postfix/plesk/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 5
debug_peer_list = 127.0.0.1
disable_vrfy_command = yes
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 51200000
mydestination = localhost.$mydomain, localhost, localhost.localdomain
myhostname = www.domain.net
mynetworks = 127.0.0.0/8, [::1]/128, $IP1/32, $IP2/32
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = inet:localhost:12768
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.8.4/README_FILES
relay_domains = NULL
sample_directory = /usr/share/doc/postfix-2.8.4/samples
sender_dependent_default_transport_maps = hash:/var/spool/postfix/plesk/sdd_transport_maps
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_send_xforward_command = yes
smtp_tls_security_level = may
smtp_use_tls = no
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
smtpd_client_restrictions = permit_mynetworks
smtpd_milters = inet:localhost:12768
smtpd_proxy_timeout = 3600s
smtpd_recipient_restrictions = permit_mynetworks, check_client_access pcre:/var/spool/postfix/plesk/no_relay.re, reject_unauth_destination
smtpd_sasl_auth_enable = no
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated, check_client_access pcre:/var/spool/postfix/plesk/non_auth.re
smtpd_timeout = 3600s
smtpd_tls_cert_file = /etc/postfix/postfix_default.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtpd_use_tls = yes
transport_maps = hash:/var/spool/postfix/plesk/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
virtual_gid_maps = static:31
virtual_mailbox_base = /var/qmail/mailnames
virtual_mailbox_domains = $virtual_mailbox_maps, hash:/var/spool/postfix/plesk/virtual_domains
virtual_mailbox_maps = hash:/var/spool/postfix/plesk/vmailbox
virtual_transport = plesk_virtual
virtual_uid_maps = static:110
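Added example (not part of the original post): a Python triage of the two header samples above. It separates MTA-generated bounces from mail that entered over the loopback interface without authentication, and extracts the Postfix queue ID for log correlation. The sample headers are taken from the post with the redacted address replaced by a placeholder; treating `X-No-Auth` as the marker for unauthenticated submission is an assumption based on how the header appears in the post.

```python
import ipaddress
import re
from email.parser import HeaderParser
from email.utils import parseaddr
# Headers from the post's two samples; the redacted From address is a placeholder.
SPAM_SAMPLE = """\
X-No-Auth: unauthenticated sender
Received: from sub.domain.com (unknown [127.0.0.1])
 by hostname (Postfix) with SMTP id BF4D5C1E976
From: LinkedIn Support <sender@example.invalid>
"""
BOUNCE_SAMPLE = """\
Received: by hostname (Postfix)
 id 6D561C1CB84; Wed, 2 Jan 2013 17:40:48 -0500 (EST)
From: MAILER-DAEMON@hostname (Mail Delivery System)
Auto-Submitted: auto-replied
Content-Type: multipart/report; report-type=delivery-status;
 boundary="21D58C1CB7F.1357166448/hostname"
"""

def is_dsn(msg):
    """True for an MTA-generated delivery status notification (RFC 3464)."""
    report = str(msg.get_param("report-type", "")).lower()
    if msg.get_content_type() == "multipart/report" and report == "delivery-status":
        return True
    auto = msg.get("Auto-Submitted", "no").split(";")[0].strip().lower()
    sender = parseaddr(msg.get("From", ""))[1].lower()
    return auto == "auto-replied" and sender.startswith("mailer-daemon@")

def loopback_unauth(msg):
    """True if X-No-Auth marks the sender unauthenticated and a hop's client is loopback."""
    if "unauthenticated" not in msg.get("X-No-Auth", "").lower():
        return False
    for hop in msg.get_all("Received", []):
        m = re.search(r"^from\s.*?\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", hop, re.S)
        try:
            if m and ipaddress.ip_address(m.group(1)).is_loopback:
                return True
        except ValueError:  # bracketed text that is not an IP literal
            pass
    return False

def triage(raw_headers):
    """Return (label, postfix_queue_id) for one message's header block."""
    msg = HeaderParser().parsestr(raw_headers)
    ids = re.findall(r"\bid\s+([0-9A-F]{6,})\b", " ".join(msg.get_all("Received", [])))
    label = "dsn-bounce" if is_dsn(msg) else (
        "loopback-unauthenticated" if loopback_unauth(msg) else "other")
    return label, (ids[0] if ids else None)
```

The returned queue ID can be searched for in the Postfix mail log to follow that message from acceptance to bounce.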