Backscatter.org integration?

[AndrewOC]

Release 6.0.5_GA_2213.RHEL5_64_20100203001950 CentOS5_64 FOSS edition.


Hi

Found this

Backscatterer.org powered by UCEPROTECT

and trying to implement to solve my backscatter spam woes

have added this

check_sender_access dbm:/opt/zimbra/conf/postfix_check_backscatterer

to the smtpd_recipient_restrictions setting in

/opt/zimbra/postfix-2.6.5.2z/conf/main.cf

then created the file

/opt/zimbra/conf/postfix_check_backscatterer

containing

<> reject_rbl_client ips.backscatterer.org
postmaster reject_rbl_client ips.backscatterer.org

did

postmap /opt/zimbra/conf/postfix_check_backscatterer
postfix reload
postfix/postfix-script: refreshing the Postfix mail system

rechecked the conf file and the setting has disappeared!

What am I doing wrong?

[AndrewOC]

Ah

I think I've found it

Edited

/opt/zimbra/conf/postfix_recipient_restrictions.cf


and inserted the check_sender line below the check_client line

[AndrewOC]

No, that's screwed it (eek!)

I needed to remove the line and restart the mta service after doing that otherwise the system would not send mail

Can any one help on this 145 bounce spam emails per day is not good!

Im off to take a dose of valium now after that panic

[uxbod]

Are you suffering from backscatter to all your accounts or just postmaster ?

[AndrewOC]

my non-postmaster account (andrew@) is getting hits all day long

No-one else is complaining so assume they are OK

Not checked postmaster@ account

[uxbod]

Do you have an SPF record for your domain ? Backscatter should be pretty easy to sort out without having to block at the MTA level.

[AndrewOC]

No, not heard of that before

do I just follow the wizard here :

SPF: Project Overview

[AndrewOC]

Ahh!!!

There is a spf entry left over from the original hosting provider on the records when doing host -a dexdyne.com from a non-zimbra system
e.g. :

Trying "dexdyne.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33742
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 3

;; QUESTION SECTION:
;dexdyne.com. IN ANY

;; ANSWER SECTION:
dexdyne.com. 14400 IN A 193.189.74.62
dexdyne.com. 14400 IN SOA ns1.svr14-speedyservers.com. servers.ukwsd.com. 2010040204 10800 7200 1209600 10800
dexdyne.com. 14400 IN TXT "v=spf1 a mx ip4:193.189.74.62 ?all"

dexdyne.com. 14400 IN MX 0 mail.dexdyne.com.
dexdyne.com. 10800 IN NS ns2.svr14-speedyservers.com.
dexdyne.com. 10800 IN NS ns1.svr14-speedyservers.com.

;; AUTHORITY SECTION:
dexdyne.com. 10800 IN NS ns1.svr14-speedyservers.com.
dexdyne.com. 10800 IN NS ns2.svr14-speedyservers.com.

;; ADDITIONAL SECTION:
mail.dexdyne.com. 14400 IN A 217.155.112.251
ns1.svr14-speedyservers.com. 3180 IN A 193.189.74.62
ns2.svr14-speedyservers.com. 3180 IN A 193.189.74.63


When filling in the SPF form I get this

If you run BIND
Paste this into your zone file:

dexdyne.com. IN TXT "v=spf1 ip4:217.155.112.251 mx mx:mail.dexdyne.com mx:dsl-217-155-112-251.zen.co.uk ~all"

When a mail server sends a bounce message, it uses a null MAIL FROM: <>, and a HELO address that's supposed to be its own name. SPF will still operate, but in "degraded mode" by using the HELO domain name instead. Because this wizard can't tell which name your mail server uses in its HELO command, it lists all possible names, so there may be multiple lines shown below. If you know which hostname your mail server uses in its HELO command, you should pick out the appropriate entries and ignore the rest.

So this should also appear in DNS. You may or may not be in charge of the DNS for these entries; if you are, add them.

dsl-217-155-112-251.zen.co.uk. IN TXT "v=spf1 a -all"
mail.dexdyne.com. IN TXT "v=spf1 a -all"


Can you take pity on a grown man who's about to weep into his keyboard and let me know what I need to do here ?

Thanks

[AndrewOC]

Just for completeness here's the host -a command when run on the local zimbra server

[zimbra@mail conf]$ host -a dexdyne.com
Trying "dexdyne.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8618
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;dexdyne.com. IN ANY

;; ANSWER SECTION:
dexdyne.com. 86400 IN SOA dexdyne.com. mail.dexdyne.com. 55 10800 900 604800 86400
dexdyne.com. 86400 IN NS mail.dexdyne.com.
dexdyne.com. 86400 IN MX 10 mail.dexdyne.com.
dexdyne.com. 86400 IN A 193.189.74.62

;; ADDITIONAL SECTION:
mail.dexdyne.com. 86400 IN A 10.215.2.100

[AndrewOC]

Help me obi wan!!