1

Topic: Non-delivery based spam. How to handle?

I'm getting lots of non-delivery based spam. Like someone spoofed the sending address as me to send spam to others and their e-mail system replies to my server because the recipient doesn't exist. I don't see any spamassassin related headers on these mails. My setup doesn't add headers unless spam score is above 2.0, but for all I know amavisd-new bypasses these types of mail altogether?

I don't really understand the headers. No mention of my e-mail server at all.

Return-Path: <MAILER-DAEMON>
From: "Mail Delivery System" <MAILER-DAEMON@uniserv.uniplan.it>
To: <my-email@removedfor.privacy>
Subject: Undelivered Mail Returned to Sender
Date: Tue, 24 Jun 2014 16:04:31 +0200
Message-ID: <20140624140431.ACD3D287C9C@uniserv.uniplan.it>
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_068E_01CF8FC6.8D6951E0"
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQFrLulSSdvOgdbUGaPHNVVhNg5apg==

________________________________

That was the header of the mail I received, which contained another e-mail as an attachment that had these headers:


Return-Path: <my-email@removedfor.privacy>
Received: from 187.54.30.82 (unknown [187.54.30.82])
    by uniserv.uniplan.it (Postfix) with ESMTP id 21AFD283EE8
    for <gcirillo@uniplan.it>; Tue, 24 Jun 2014 16:04:29 +0200 (CEST)
Received: from 10.0.0.139 ([10.0.0.139])
Message-ID: <B1F645ABD2F84FF8AFBAB6C12AB5A296@corient-sr>
From: "Esther" <my-email@removedfor.privacy>
To: "Myles" <gcirillo@uniplan.it>
Subject: =?utf-8?Q?Spam?=
i'm writing to find love
Date: Tue, 24-Jun-2014 14:04:25 GMT
MIME-Version: 1.0
Content-Type: text/html;
    format=flowed;
    charset="iso-8859-1";
    reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail 14.0.8117.416
X-MimeOLE: Produced By Microsoft MimeOLE V14.0.8117.416
X-SpamInfo: FortiGuard - AntiSpam ip, connection black ip 187.54.30.82


Is there a way to force amavis to scan these types of messages or do I have an error in my setup? I do have SPF set up, but obviously not everyone will honor this.


2

Re: Non-delivery based spam. How to handle?

Looks like backscatter spam.
Check this page to fight against this kind of spam: http://www.postfix.org/BACKSCATTER_README.html

3

Re: Non-delivery based spam. How to handle?

I've looked at that document before and I'm trying to understand but I don't think it would work for me. It talks about forged mail server information but I see no such things in the headers. There's no mention of any server resembling mine at all.

Aren't these mailer-daemon messages scanned like any other e-mail?

4

Re: Non-delivery based spam. How to handle?

I'm experimenting with this right now.

https://wiki.apache.org/spamassassin/VBounceRuleset

5

Re: Non-delivery based spam. How to handle?

smtpn00b wrote:

It talks about forged mail server information but I see no such things in the headers.

That's how it works. I suggest you read the document again.
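The check discussed in this thread, as an added example that is not part of any post or of the Postfix document: it pulls the returned message out of a bounce and reports whether any of its Received lines names your own server, which is a heuristic for telling backscatter from a bounce of mail you really sent. The host name, IP addresses and sample messages are constructed assumptions.

```python
import email
from email import policy

MY_HOSTS = {"mail.example.org", "198.51.100.25"}  # assumption: your MTA's name and IP

def embedded_original(bounce):
    """Return the message (or header block) the bounce carries, else None."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def is_backscatter(raw, my_hosts=MY_HOSTS):
    """True if no Received line of the returned mail names our server,
    False if one does, None if the bounce carries no original to inspect."""
    original = embedded_original(email.message_from_string(raw, policy=policy.default))
    if original is None:
        return None
    trace = " ".join(str(h) for h in original.get_all("Received", [])).lower()
    return not any(host.lower() in trace for host in my_hosts)

def sample_bounce(received):
    """Constructed sample shaped like the pair of header sets in the first post."""
    return (
        "Return-Path: <MAILER-DAEMON>\n"
        "From: MAILER-DAEMON@mx.example.net\n"
        "To: me@example.org\n"
        "Subject: Undelivered Mail Returned to Sender\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nUser unknown.\n"
        "--b1\nContent-Type: message/rfc822\n\n"
        "Return-Path: <me@example.org>\n"
        f"Received: from {received} by mx.example.net (Postfix) with ESMTP id 0\n"
        "From: me@example.org\nTo: nobody@example.net\nSubject: constructed\n\n"
        "body\n--b1--\n"
    )

FORGED = "203.0.113.7 (unknown [203.0.113.7])"  # never touched our server
GENUINE = "mail.example.org (mail.example.org [198.51.100.25])"  # really sent by us

if __name__ == "__main__":
    print(is_backscatter(sample_bounce(FORGED)), is_backscatter(sample_bounce(GENUINE)))
```

A Received line can itself be forged to include your host name, so a False result does not prove the mail was yours.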