Prevent Spam To Postmaster

Discussion in 'Server Operation' started by carlosinfl, Apr 13, 2011.

  1. carlosinfl

    carlosinfl New Member

    I've noticed I've been receiving spam to my 'postmaster' email address on my Postfix mail server. The messages are being forged to show To: & From: <[email protected]> but when I view the headers, I can see the details:

    Return-Path: <[email protected]>
    X-Original-To: [email protected]
    Delivered-To: [email protected]
    Received: from localhost (localhost.localdomain [])
    	by (Postfix) with ESMTP id 3807E77884B
    	for <[email protected]>; Wed, 13 Apr 2011 03:40:04 -0400 (EDT)
    X-Virus-Scanned: amavisd-new at
    X-Spam-Flag: NO
    X-Spam-Score: 3.718
    X-Spam-Level: ***
    X-Spam-Status: No, score=3.718 tagged_above=-999 required=5
    	tests=[BAYES_50=0.8, FH_HELO_ALMOST_IP=0.688, FREEMAIL_FROM=0.001,
    	UNPARSEABLE_RELAY=0.001] autolearn=no
    Received: from ([])
    	by localhost ( []) (amavisd-new, port 10024)
    	with LMTP id j60-uZsGA79i for <[email protected]>;
    	Wed, 13 Apr 2011 03:40:02 -0400 (EDT)
    Received: from ( [])
    	by (Postfix) with ESMTP id 60E1777882F
    	for <[email protected]>; Wed, 13 Apr 2011 03:40:02 -0400 (EDT)
    Received: from (account <[email protected]> HELO
    	by (CommuniGate Pro SMTP 5.2.3)
    	with ESMTPA id 967182120 for <[email protected]>; Wed, 13 Apr 2011 08:38:29 +0100
    From: <[email protected]>
    To: <[email protected]>
    Subject: Newsletter Wed, 13 Apr 2011 08:38:29 +0100
    Date: Wed, 13 Apr 2011 08:38:29 +0100
    MIME-Version: 1.0
    Content-Type: text/plain;
    Content-Transfer-Encoding: 7bit
    X-Mailer: hmjo.27
    Message-ID: <[email protected]>
    Is there a way I can prevent this from happening? I'm guessing most people know that 'postmaster' is always a valid RTF account on most properly configured mail servers but I don't want people exploiting this.

    How can I eliminate the spam being sent to my postmaster account?
  2. falko

    falko Super Moderator ISPConfig Developer

  3. carlosinfl

    carlosinfl New Member

    I do use SpamAssassin / AMavisd-new on my Postfix server and it's scoring the messages but not enough to trigger anything:

    X-Spam-Status: No, score=4.123 tagged_above=-999 required=5	tests=[BAYES_50=0.8, FH_FROMEML_NOTLD=1.082, FREEMAIL_FROM=0.001,	HK_RANDOM_ENVFROM=0.001, RCVD_IN_BRBL_LASTEXT=1.449,	SPF_NEUTRAL=0.779, T_TO_NO_BRKTS_FREEMAIL=0.01,	UNPARSEABLE_RELAY=0.001] autolearn=no
    Lots of those rbl spam check clients look way dated and many don't even exist anymore. Just tried to verify a few and they mostly come back dead. :(

    The only ones that appear to still work today are:

  4. till

    till Super Moderator Staff Member ISPConfig Developer

    You should lower the score. I use a score of 3.501 instead of 5 on my servers and dont get any false positives.
  5. carlosinfl

    carlosinfl New Member


    My SpamAssassin is configured via Amavisd-new as so:

    $sa_tag_level_deflt  = -999.0;  
    $sa_tag2_level_deflt = 5.0;     
    $sa_kill_level_deflt = 8.0;     
    $sa_dsn_cutoff_level = 10;     
    $sa_quarantine_cutoff_level = 12; 
    So even if I lower the score, that will only alter the headers to label it spam, correct? It still wont block / prevent spam messages from being delivered.

    Could I not enter the range of IP 189.70.* into a 'client_access' file under /etc/postfix as follows:

    189.70.*      REJECT
    Is that not possible? I know if use the specific IP it will work but it seems like they have multiple servers that send from on that network.
  6. falko

    falko Super Moderator ISPConfig Developer

    You should lower $sa_kill_level_deflt - that's the score that is responsible for blocking spam.

Share This Page