Results 1 to 3 of 3

Thread: spam problems - from spoofed address

Hybrid View

  1. #1
    Join Date
    Dec 2007
    Posts
    84
    Rep Power
    7

    Default spam problems - from spoofed address

    I'm having a lot of problems with excessive spam (to our president)... It's basically a DOS... What's happening is that some spammers are sending out tons of spam and they're using our president's email address in the "From" field. Many thousands of emails "bounce-back" to his address hourly/daily...

    I'm trying to figure out how to block these bounce-backs... Technically, these "bounces" are not spam themselves, they are legitimate messages from legitimate servers, bouncing back a message to our pres telling him the message he "sent" is not being delivered... Of course HE NEVER SENT THEM, - I can see the originating server's ip address, and the one who originally sent the email is some server in Africa and some server in China or east asia.

    Anyway, the thing is; is there a good way to block these messages? I have to somehow block them based on the "original message", not the current message header... I've attached a sample message. They set the reply-to field to their email address to receive any actual replies, but by using agan@xxx.com in the "From" field, they send all the bounce-backs to me..



    Maybe there's a different approach I should be looking into..
    Attached Files Attached Files

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by mickier View Post
    I'm having a lot of problems with excessive spam (to our president)... It's basically a DOS... What's happening is that some spammers are sending out tons of spam and they're using our president's email address in the "From" field. Many thousands of emails "bounce-back" to his address hourly/daily...
    It's called 'backscatter' or 'NDR' spam, search the forums for those words and you'll find some information on how to reduce it.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Join Date
    Dec 2007
    Posts
    84
    Rep Power
    7

    Default

    thanks for the suggestion, but unlike most of the other posters who describe backscatter/ndr, these are bouncing [only] to one of my [real] addresses. A spammer is using my president's email address as the "from" field... these are not a type of scatter email, these are all bounces back to our president's addr. Apparently a direct DOS attack on his account. Ignoring or rejecting non-real addresses wouldn't help in this specific case since all the bounces are addressed to him.

    The link you provided for another person's post do describe the exact problem we're experiencing, and there's a link there to some ideas of how to block them on postfix (http://www.postfix.org/BACKSCATTER_README.html) but unfortunately these are a bit beyond my current technical level, and appear a little outdated...

    It has helped answer the first question though - there doesn't seem to be a zimbra-implemented solution at this time, so I'll start looking into direct postfix solutions realizing zimbra will probably often undo my manual edits...
    Last edited by mickier; 03-14-2011 at 05:41 PM.

Similar Threads

  1. Help mail server broadcast spam
    By sh1n_b3 in forum Administrators
    Replies: 0
    Last Post: 01-19-2011, 06:44 PM
  2. Problems with address books
    By ivoks in forum Installation
    Replies: 2
    Last Post: 01-15-2008, 08:21 AM
  3. Adding Contacts to a Shared Address Book problems
    By chalkboy in forum Administrators
    Replies: 9
    Last Post: 01-10-2008, 12:13 AM
  4. iSync Connector / Apple Address Book Problems
    By jrosen in forum CalDAV / CardDAV / iSync
    Replies: 11
    Last Post: 04-16-2007, 03:40 PM
  5. Spam problems
    By mirner in forum Administrators
    Replies: 7
    Last Post: 11-20-2006, 10:17 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •