- 05-07-2009 #1
Postfix, AOL, Spam?
I am running a server primarily for mailman using postfix as the MTA. I have signed up for the feedback reports from AOL where they send you notification when they receive mail from your server that appears to be spam. Suddenly today I have been receiving 3 or 4 notifications a minute.
All of the notifications appear to be spam from my server from a non-existent email address but in my domain. The partial header information they provide seems to show an incoming connection from my server to theirs. They send the original message back to me as an attachment with some of the header redacted. All of the messages are a variant of this spam message that seems to be going around lately:
Your discount code #b upr um.
The problem is that what I find in the logs doesn't add up to me. I am seeing a lot of entries like this:
May 6 16:35:48 mailman postfix/smtpd: connect from (aolserver)[aolip]
May 6 16:35:49 mailman postfix/smtpd: NOQUEUE: reject: RCPT from (aolserver)[aolip]: 550 511 <sfink(at)(mydomain)>: Recipient address rejected: User unknown in local recipient table; from=<Grinderdude(at)aol> to=<sfink(at)(mydomain)> proto=ESMTP helo=<aoldomain>
(domains edited to get through the forum filter)
I'm kind of a postfix noob, but doesn't this mean that my server rejected an incoming (highly dubious) connection *from* an AOL address? I'm not seeing anything in the log that would indicate my server initiating hundreds of connections *to* AOL.
Any thoughts or advice? Thanks.
- 05-07-2009 #2
Is postfix rejecting them on the spot or are you doing some post-processing (amavis, clam, greylist)?
What could be happening is someone is using your box as a hopto to send spam: they send it from a bogus address to your server, and if your server doesn't drop it in the conversation and instead does some processing and then rejects it, you just created backscatter.
Here are some very good links on handling that:
postfix backscatter - Google Search
- 05-07-2009 #3
No, I don't have any post-processing on this box.
Thanks for the backscatter link; I'll have to look at that more closely. At first glance that certainly looks like what I am seeing in the log.
I'm still confused about what AOL is reporting. If AOL was getting multiple spam messages from me a minute, wouldn't that show up in the log?
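An added example, not part of the original thread and not written by any of its participants: one way to check a Postfix log for the three cases discussed above, namely mail refused during the SMTP session (no bounce is generated), ordinary outbound deliveries to a remote domain, and bounce messages delivered to that domain (backscatter). The log lines, hosts, addresses and queue IDs are constructed samples in Postfix's syslog format, and the function name `summarize` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines (hosts, IPs and queue IDs are made up for illustration).
SAMPLE_LOG = """\
May  6 16:35:48 mailman postfix/smtpd[2101]: connect from mx.example.net[192.0.2.10]
May  6 16:35:49 mailman postfix/smtpd[2101]: NOQUEUE: reject: RCPT from mx.example.net[192.0.2.10]: 550 5.1.1 <sfink@lists.example.org>: Recipient address rejected: User unknown in local recipient table; from=<someone@example.net> to=<sfink@lists.example.org> proto=ESMTP helo=<mx.example.net>
May  6 16:36:02 mailman postfix/smtp[2110]: 4F1A22C01: to=<member@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=1.1, delays=0.1/0/0.5/0.5, dsn=2.0.0, status=sent (250 OK)
May  6 16:36:10 mailman postfix/bounce[2115]: 7C3B92C02: sender non-delivery notification: 9D0E12C03
May  6 16:36:11 mailman postfix/smtp[2110]: 9D0E12C03: to=<forged@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=0.9, delays=0/0/0.4/0.5, dsn=2.0.0, status=sent (250 OK)
"""

PID = r"(?:\[\d+\])?"  # the PID field is optional, as in the edited lines quoted in the thread
# Inbound mail refused at RCPT time: rejected inside the SMTP session, nothing is queued.
REJECT = re.compile(rf"postfix/smtpd{PID}: NOQUEUE: reject: RCPT from \S+: (\d{{3}}) ")
# A bounce (non-delivery notification) was created; group 1 is the bounce's own queue ID.
BOUNCE = re.compile(rf"postfix/bounce{PID}: \w+: sender non-delivery notification: (\w+)")
# Outbound delivery accepted by a remote server; groups are queue ID and recipient domain.
SENT = re.compile(rf"postfix/smtp{PID}: (\w+): to=<[^>]*@([^>]+)>,.*status=sent")


def summarize(log_text, remote_domain):
    """Count in-session rejects, plus normal mail and bounces delivered to remote_domain."""
    counts = Counter()
    bounce_ids = set()
    for line in log_text.splitlines():
        if REJECT.search(line):
            counts["rejected_in_session"] += 1
        elif (m := BOUNCE.search(line)):
            bounce_ids.add(m.group(1))
        elif (m := SENT.search(line)) and m.group(2).lower() == remote_domain:
            # A delivery whose queue ID came from postfix/bounce is backscatter if the
            # original sender address was forged.
            kind = "bounces_delivered" if m.group(1) in bounce_ids else "mail_delivered"
            counts[kind] += 1
    return dict(counts)


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, "example.net"))
```

A log that shows only `rejected_in_session` entries and no `postfix/smtp` deliveries to the reporting domain means this host refused the mail during the SMTP session and sent nothing back.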