spammer using my email - postfix system

Discussion in 'Server Operation' started by sholtzrevtek, Aug 19, 2008.

  1. sholtzrevtek

    sholtzrevtek New Member

    I have this really really bad problem :confused:

    I have been getting these undelivered mail notifications in my inbox and I noticed the "from" addresses in the original email (that bounced) uses my domain address. So a lot of these email addresses would look like this: [email protected] (mydomain being my personal website address)

    The original email would be spam like stuff - "viagra vs. cialis" :eek:

    The first thing I thought was my mail server was being used as an open relay, but I have this thing locked down and I did some online tests and all showed there was no open relay.

    I am completely perplexed. I modified the file for postfix and removed the smtp mail relay which is my ISP smtp since they block all port 25 traffic.

    So right now, I am kind of lost as to what is causing this issue. I looked at all my logs but I didn't really notice anything out of the ordinary. I would not have even known this was happening if it were not for the bounced emails I keep getting.

    Does anyone here have any experience with this kind of issue or could at least give me a hypothesis of what could be going on here.

    I am a complete noob so if there are any logs or other information you need, let me know and I will post it. Shoot, I will be your personal slave if that will get me through this.

    Thanks a million and I will buy a beer for anyone who can lead me to a solution :cool:
  2. ralic

    ralic New Member

    You probably don't have anything to worry about. This sounds like backscatter.
  3. sholtzrevtek

    sholtzrevtek New Member

    Well, it looks like I learned something new today. Jeez

    Thanks for the tip, that is exactly what is going on here.

    Is there a way to at least block all these NDRs? Maybe a configuration setting in Postfix?

    (I have actually been trying to do this but with no luck so far, so this is why I am asking... not because I am too lazy to look it up :D )

    I tried this but I am still getting the NDRs:

  4. ralic

    ralic New Member

    Haven't faced this in any serious volumes, so unfortunately it's a bridge I haven't crossed... yet. Maybe someone else cares to comment.
    Doesn't look like it's that simple. But you've already been to the source, I see. :) Would it be worthwhile firing off an email to the postmaster addresses of the domains that are generating them? Would be doing the world a favour if they took more care with what they determine to be legitimate and what they bounce.

    If you haven't already, you could try implementing SPF records. Gives those of us that use it as part of our validation process a fighting chance. ;)
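    To show what the SPF suggestion above buys you, here is an added example (not code from the thread or from Postfix) of the check a receiving mail server performs: it evaluates the sending IP against the domain's SPF record and decides whether to reject at SMTP time instead of accepting the spoofed message and bouncing it later. The domain names and TXT records are constructed for the demo, and only the ip4/ip6/all mechanisms are handled so it runs offline.

```python
import ipaddress
# Constructed sample DNS data (not real records): domain -> SPF TXT record.
# mydomain.com publishes a hard-fail policy, weakdomain.com only a soft-fail one.
FAKE_DNS_TXT = {
    "mydomain.com": "v=spf1 ip4:203.0.113.10 ip4:198.51.100.0/24 ip6:2001:db8::/32 -all",
    "weakdomain.com": "v=spf1 ip4:203.0.113.20 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(domain, client_ip, dns=FAKE_DNS_TXT):
    """Return pass/fail/softfail/neutral/none/permerror for client_ip.
    Only the ip4, ip6 and all mechanisms are handled so this runs offline;
    a real evaluator also resolves a, mx, include and redirect through DNS.
    """
    record = dns.get(domain.lower())
    if record is None:
        return "none"          # domain publishes no SPF policy
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"        # a mechanism with no qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            return "permerror"  # unsupported mechanism in this offline demo
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            return "permerror"
        if ip in net:          # version mismatch (v4 vs v6) is simply no match
            return QUALIFIERS[qualifier]
    return "neutral"           # no mechanism matched and no "all" present


def smtp_action(spf_result):
    """What a receiving MTA should do with the result: reject a hard fail
    during the SMTP dialogue rather than accept it and bounce it later."""
    if spf_result == "fail":
        return "reject"
    if spf_result == "softfail":
        return "accept-and-mark"
    return "accept"
```

    A forged "viagra" mail claiming to be from mydomain.com but sent from an IP outside the record gets "fail", so a receiver honouring SPF refuses it up front and never generates the NDR that lands in your inbox.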
