Hey,

We're seeing a lot of backscatter email (mainly "Mail Delivery Subsystem") to only one specific user here - no one else (out of about 150 people) have reported any problems.

The mail is coming in about once every 10 to 15 minutes. Spamassassin is running, and I double checked to see if the plugin as described here - VBounceRuleset - Spamassassin Wiki - is enabled. It is.

Below is the typical set of entries from zimbra.log for one of the backscatter emails. Please note we do not have anything configured in postfix, as detailed here - Dealing with backscatter, revisited / taint.org: Justin Mason's Weblog - as we've never run into issues like this before.. It seems strange it is just for one user, however - is there a way to configure these postfix changes for just one user? Or is there a better way?


Code:
Oct 25 09:26:15 mail postfix/smtpd[6911]: connect from mx1.aist.go.jp[150.29.246.133]
Oct 25 09:26:16 mail postfix/smtpd[6911]: 94713105B8001: client=mx1.aist.go.jp[150.29.246.133]
Oct 25 09:26:16 mail postfix/cleanup[13517]: 94713105B8001: message-id=<201110251326.p9PDQBgG018861@rpsmtp2.aist.go.jp>
Oct 25 09:26:17 mail postfix/qmgr[22490]: 94713105B8001: from=<>, size=27155, nrcpt=1 (queue active)
Oct 25 09:26:17 mail amavis[13985]: (13985-13) ESMTP::10024 /opt/zimbra/data/amavisd/tmp/amavis-20111025T084830-13985: <> -> <user@our_domain.com> SIZE=27155 Received: from mail.our_domain.com ([127.0.0.1]) by localhost (mail.our_domain.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <user@our_domain.com>; Tue, 25 Oct 2011 09:26:17 -0400 (EDT)
Oct 25 09:26:17 mail amavis[13985]: (13985-13) Checking: UOCy8bjOCtqM [150.29.246.133] <> -> <user@our_domain.com>
Oct 25 09:26:17 mail postfix/smtpd[6911]: disconnect from mx1.aist.go.jp[150.29.246.133]
Oct 25 09:26:19 mail postfix/smtpd[15461]: connect from localhost.localdomain[127.0.0.1]
Oct 25 09:26:19 mail postfix/smtpd[15461]: 06331105B8007: client=localhost.localdomain[127.0.0.1]
Oct 25 09:26:19 mail postfix/cleanup[9125]: 06331105B8007: message-id=<201110251326.p9PDQBgG018861@rpsmtp2.aist.go.jp>
Oct 25 09:26:19 mail postfix/smtpd[15461]: disconnect from localhost.localdomain[127.0.0.1]
Oct 25 09:26:19 mail postfix/qmgr[22490]: 06331105B8007: from=<>, size=27877, nrcpt=1 (queue active)
Oct 25 09:26:19 mail amavis[13985]: (13985-13) FWD via SMTP: <> -> <user@our_domain.com>,BODY=7BIT 250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 06331105B8007
Oct 25 09:26:19 mail amavis[13985]: (13985-13) Passed CLEAN, [150.29.246.133] [150.29.254.34] <> -> <user@our_domain.com>, Message-ID: <201110251326.p9PDQBgG018861@rpsmtp2.aist.go.jp>, mail_id: UOCy8bjOCtqM, Hits: 4.715, size: 27155, queued_as: 06331105B8007, 1541 ms
Oct 25 09:26:19 mail postfix/smtp[13520]: 94713105B8001: to=<user@our_domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.7, delays=1.2/0/0/1.5, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 06331105B8007)
Oct 25 09:26:19 mail postfix/qmgr[22490]: 94713105B8001: removed
Oct 25 09:26:19 mail postfix/lmtp[15462]: 06331105B8007: to=<user@our_domain.com>, relay=mail.our_domain.com[38.99.141.99]:7025, delay=0.1, delays=0.01/0/0.02/0.07, dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)
Oct 25 09:26:19 mail postfix/qmgr[22490]: 06331105B8007: removed