HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


sufehmi 7th May 2009 04:25

Perfect Server : misdirected bounce (complained by SpamCop)
 
Hi, I've set up some servers using the Perfect Server guide for Hardy: http://www.howtoforge.com/perfect-se...ntu8.04-lts-p5



Today I got a warning from the datacenter, telling me that one of my servers has been used for spamming. It threatened to disconnect my server if nothing is done about it.
And also there's a prospect that my server will be blacklisted by SpamCop, causing problems for everyone hosted on that machine.


Personally I was very surprised, and curious: how?



It turned out the spammers are using misdirected bounces: http://www.spamcop.net/fom-serve/cache/329.html#bounces



OK, I thought this should be pretty easy to solve; years ago I was messing with OpenBSD 3.x as a mailserver, and I think it's just changing a single setting in Amavis. But I couldn't remember which. Anyway, the "perfect server" howto doesn't use Amavis, so it had to be done in Postfix.

Let's recap: I want to disable ALL bounces.

With this in mind, I googled around. Unfortunately, everything I found was much more complex than I expected, and even then I doubt that it'd solve my problem WITHOUT the potential of causing more trouble.

I thought it'd be as simple as a single line setting in main.cf, such as "smtpd_recipient_restrictions = reject_unknown_recipient". But, there's no such setting.

The article at http://www.postfix.org/BACKSCATTER_README.html is useless too, because it said "configure Postfix to reject all mail for non-existent recipients", but then the instructions are for local_maps, while the "perfect server" howto uses virtual_maps.

At the moment I've read numerous articles and am still stuck.
Anyone got a hint on how to do this? (disable all bounces)


Thanks,
Harry

attached: warning from SpamCop :

Code:

From: "Admin SS427" <4111230831@reports.spamcop.net>
To: abuse@iweb.com
Date: Tue, 05 May 2009 16:07:46 -0700
Subject: [SpamCop (72.55.164.228) id:4111230831]Undelivered Mail Returned to Sender
[ SpamCop V4.5.0.102 ]
This message is brief for your comfort.  Please use links below for details.

Unsolicited bounce from: 72.55.164.228
http://www.spamcop.net/w3m?i=z4111230831z3b503a5f9de11453e213b556de3d0967z
72.55.164.228 appears to be sending unsolicited bounces, please see:
http://www.spamcop.net/fom-serve/cache/329.html


This is an email abuse report for an email message received from IP source  on Tue, 05 May 2009 16:07:46 -0700
For more information about this format please see http://www.mipassoc.org/arf/
To change ARF message format to SpamCop format change settings on your preferences page: http://www.spamcop.net/mcgi?action=showispprefs



---------- Forwarded message ----------
From: MAILER-DAEMON@server03.abangadek.com (Mail Delivery System)
To: nonchalanceh74@ssmx.com
Date: Tue, 5 May 2009 19:07:44 -0400 (EDT)
Subject: Undelivered Mail Returned to Sender
This is the mail system at host server03.abangadek.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                  The mail system

<net@cepat.abangadek.com>: mail for cepat.abangadek.com loops back to myself

Final-Recipient: rfc822; net@cepat.abangadek.com
Original-Recipient: rfc822;net@cepat.abangadek.com
Action: failed
Status: 5.4.6
Diagnostic-Code: X-Postfix; mail for cepat.abangadek.com loops back to myself


---------- Forwarded message ----------
From: "Alden Perez" <nonchalanceh74@ssmx.com>
To: <net@cepat.abangadek.com>
Date: Tue, 5 May 2009 20:07:07 -0300
Subject: Doping for your porksword!


falko 7th May 2009 18:04

This might help:
http://archives.neohapsis.com/archiv...2-04/1404.html
http://209.85.129.132/search?q=cache...ient=firefox-a

sufehmi 8th May 2009 04:39

Thanks Falco.

I've added soft_bounce = yes to postfix's /etc/postfix/main.cf

It'll cause postfix not to send any bounces. Which is what I need.

However, instead of dropping the email, postfix will defer it. So the problematic emails will stay in queues.
Clearly I won't be able to use this setting for an extended period. However, it helps to avoid being blacklisted by SpamCop for the time being :)

So I'll keep looking. If anyone knows a more permanent solution, please do share it with us as well.


Thanks
Harry

sufehmi 8th May 2009 05:03

Quote:

Originally Posted by sufehmi (Post 186959)
Thanks Falco.

argh, I meant Falko :)


Thanks, HS

lieblm 11th June 2009 13:05

Dear Harry,
I am facing a similar problem on my system. Thanks for the tip to switch on the soft_bounce, it temporarily works for me as well. If you find a more permanent solution, please post it here. I will do likewise.
Regards
Martin
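
An added example, not code from any poster in this thread or from the Postfix project: it reads Postfix syslog lines and lists failed deliveries by recipient domain, marking which ones produced a non-delivery notification (the unsolicited bounce SpamCop reported) and which were held in the queue as SOFTBOUNCE under soft_bounce = yes. The log lines are constructed samples modelled on the report above; queue IDs, PIDs, relay hosts and the second and third recipients are made up.

```python
import re
from collections import Counter

# Constructed sample in Postfix syslog format, modelled on the bounce in the
# report above; queue IDs, PIDs, relay hosts and later recipients are made up.
SAMPLE_LOG = """\
May  5 19:07:44 server03 postfix/qmgr[1820]: 3F2A1C0041: from=<nonchalanceh74@ssmx.com>, size=2114, nrcpt=1 (queue active)
May  5 19:07:44 server03 postfix/smtp[2105]: 3F2A1C0041: to=<net@cepat.abangadek.com>, relay=none, delay=0.2, delays=0.2/0/0/0, dsn=5.4.6, status=bounced (mail for cepat.abangadek.com loops back to myself)
May  5 19:07:44 server03 postfix/bounce[2106]: 3F2A1C0041: sender non-delivery notification: 5B7D2C0043
May  5 19:07:45 server03 postfix/smtp[2107]: 5B7D2C0043: to=<nonchalanceh74@ssmx.com>, relay=mx.example.net[198.51.100.7]:25, delay=0.9, delays=0/0/0.5/0.4, dsn=2.0.0, status=sent (250 OK)
May  8 04:41:10 server03 postfix/smtp[3310]: 9C01AC0050: to=<info@cepat.abangadek.com>, relay=none, delay=0.1, delays=0.1/0/0/0, dsn=4.4.6, status=SOFTBOUNCE (mail for cepat.abangadek.com loops back to myself)
May  8 04:45:02 server03 postfix/smtp[3315]: A11B2C0051: to=<user@example.org>, relay=mx.example.org[203.0.113.5]:25, delay=1.2, delays=0.1/0/0.6/0.5, dsn=2.0.0, status=sent (250 OK)
"""

FAILED = {"bounced", "SOFTBOUNCE"}  # SOFTBOUNCE is logged when soft_bounce = yes
DELIVERY = re.compile(
    r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>.*?"
    r"dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reason>.*)\)$")
NDR = re.compile(r"postfix/bounce\[\d+\]: (?P<qid>[0-9A-F]+): "
                 r"sender non-delivery notification: (?P<ndr>[0-9A-F]+)")


def triage(log_text):
    """List failed deliveries; 'ndr' is the queue ID of the bounce message
    Postfix generated for that mail, or None if no bounce was sent."""
    failed, ndr_for = [], {}
    for line in log_text.splitlines():
        if m := NDR.search(line):
            ndr_for[m["qid"]] = m["ndr"]
        elif (m := DELIVERY.search(line)) and m["status"] in FAILED:
            failed.append({"qid": m["qid"], "status": m["status"], "dsn": m["dsn"],
                           "domain": m["rcpt"].rpartition("@")[2].lower(),
                           "reason": m["reason"]})
    for f in failed:
        f["ndr"] = ndr_for.get(f["qid"])
    return failed


def summarize(failed):
    """Count failures per (recipient domain, reason, bounce_sent)."""
    return Counter((f["domain"], f["reason"], f["ndr"] is not None) for f in failed)


if __name__ == "__main__":
    for (domain, reason, sent), n in summarize(triage(SAMPLE_LOG)).items():
        print(f"{n:3d}  {domain}  bounce_sent={sent}  {reason}")
```

Domains that show up with bounce_sent=True are the ones whose mail is accepted first and bounced afterwards; those are the recipients to reject during the SMTP session instead.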

