
Thread: Backscattering

  1. #1
    Gimly, Junior Member

    Backscattering

    Hi All,

    I'm using Zimbra in my company but the system receives a very high level of backscatter spam.

    Actually, this is the Antispam configuration in the admin panel of Zimbra: 20% tags SPAM and 90% delete SPAM.

    And these are the restrictions enabled on the MTA:

    zimbra@mail01:/root$ zmprov gacf | grep zimbraMtaRestriction
    zimbraMtaRestriction: reject_non_fqdn_sender
    zimbraMtaRestriction: check_policy_service unix:private/policy
    zimbraMtaRestriction: reject_invalid_hostname
    zimbraMtaRestriction: reject_non_fqdn_hostname
    zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
    zimbraMtaRestriction: reject_rbl_client dnsbl.sorbs.net
    zimbraMtaRestriction: reject_rbl_client sbl.spamhaus.org

    But I have a question: what is the perfect solution to delete this backscatter spam in Zimbra 8? Does anyone have a howto for Zimbra v8, please?

    Why doesn't Zimbra make a default configuration to delete this spam?

    Thank you in advance for your help.

  2. #2
    phoenix, Zimbra Consultant & Moderator

    Originally posted by Gimly:
        Actually, this is the Antispam configuration in the admin panel of Zimbra: 20% tags SPAM and 90% delete SPAM.
    You've modified those settings to make the spam worse, I suggest you search the forums to find out what the Kill & Tag percentages actually do.

    Originally posted by Gimly:
        But I have a question: what is the perfect solution to delete this backscatter spam in Zimbra 8?
    There is no such thing as a 'perfect solution' against spam.

    Originally posted by Gimly:
        Does anyone have a howto for Zimbra v8, please?
    Search the wiki and forums for details.

    Originally posted by Gimly:
        Why doesn't Zimbra make a default configuration to delete this spam?
    It does and you've changed the configuration to make it worse, I see very little spam on my server even with the default installation of ZCS. If you really have a backscatter problem then I'd suggest you search the forums (and the internet) for the words "backscatter" & "NDR".

    When you post a problem/question you should always give the exact release and version of ZCS that you're using (and update your forum profile) by giving the output of:

    Code:
        zmcontrol -v

    Regards
    Bill

    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Gimly, Junior Member

    Backscatter/NDR Spam

    Hi all,

    My Zimbra version:
    Release 8.0.2.GA.5569.UBUNTU10.64 UBUNTU10_64 FOSS edition.

    I opened a new topic about the backscatter problem because I want to know if I forgot a setting in my Zimbra configuration.
    Currently, on my Zimbra server, a few mailboxes receive NDR spam (over 20000 emails per day on one mailbox). I tried many different configurations to stop these returns, but without success.

    My antispam configuration in the admin panel of Zimbra is:

    % Tags SPAM : 24
    % Delete SPAM : 66

    These are all my Zimbra settings to prevent it:

    zimbra@myserver:~$ zmprov gacf | grep zimbraMtaRe
    zimbraMtaRestriction: reject_non_fqdn_hostname
    zimbraMtaRestriction: reject_non_fqdn_sender
    zimbraMtaRestriction: check_policy_service unix:private/policy
    zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
    zimbraMtaRestriction: reject_rbl_client dnsbl.sorbs.net
    zimbraMtaRestriction: reject_rbl_client ips.backscatterer.org
    zimbraMtaRestriction: reject_non_fqdn_recipient
    zimbraMtaRestriction: reject_unknown_sender_domain
    zimbraMtaRestriction: reject_unknown_recipient_domain
    zimbraMtaRestriction: reject_unauth_pipelining
    zimbraMtaRestriction: reject_unauth_destination
    zimbraMtaRestriction: reject_unverified_recipient
    zimbraMtaRestriction: reject_rbl_client sbl-xbl.spamhaus.org

    Or with postconf:

    zimbra@myserver:~$ postconf smtpd_recipient_restrictions
    smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_unlisted_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_rbl_client bl.spamcop.net reject_rbl_client dnsbl.sorbs.net reject_rbl_client ips.backscatterer.org reject_rbl_client sbl-xbl.spamhaus.org, check_policy_service unix:private/policy, permit

    In /opt/zimbra/conf/zmconfigd, I changed "POSTCONF smtpd_reject_unlisted_recipient" from "no" to "yes".

    I generated a DomainKey for my domain and added the public key to my DNS server.
    I created a very restrictive SPF record:

    mydomain.fr. 10000 IN TXT "v=spf1 a ptr mx:mx01.mydomain.fr mx:mx02.mydomain.fr ip4:80.245.x.y -all"

    Is there any other setting to add in Zimbra (cli/webui/etc ...) to prevent this spam?

    Thank you for your help.
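
Added example (not part of the original thread, and not Zimbra or Postfix code): a small Python audit of the postconf output in the post above. It checks whether unknown recipients are refused during the SMTP dialogue, lists the DNSBLs in use, and flags restrictions that sit after an unconditional permit. The sample input is constructed from the post and assumes smtpd_reject_unlisted_recipient = yes, as the poster describes.

```python
import re

# Restrictions that take the following token as an argument.
TAKES_ARG = re.compile(r"^(check_\w+|reject_rbl_client|reject_rhsbl_\w+)$")
TERMINAL = {"permit", "reject", "defer"}  # unconditional: nothing after them runs

# Constructed sample: the postconf line from the post above (policy socket
# written as unix:private/policy) plus the setting the poster says he enabled.
SAMPLE = """\
smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_unlisted_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_rbl_client bl.spamcop.net reject_rbl_client dnsbl.sorbs.net reject_rbl_client ips.backscatterer.org reject_rbl_client sbl-xbl.spamhaus.org, check_policy_service unix:private/policy, permit
smtpd_reject_unlisted_recipient = yes
"""

def parse_postconf(text):
    """Map 'name = value' lines, as printed by postconf, to a dict."""
    pairs = (line.partition("=") for line in text.splitlines())
    return {name.strip(): value.strip() for name, sep, value in pairs if sep}

def split_restrictions(value):
    """Postfix accepts commas and/or whitespace between restrictions."""
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    rules, i = [], 0
    while i < len(tokens):
        has_arg = bool(TAKES_ARG.match(tokens[i])) and i + 1 < len(tokens)
        rules.append((tokens[i], tokens[i + 1] if has_arg else None))
        i += 2 if has_arg else 1
    return rules

def audit(params):
    rules = split_restrictions(params.get("smtpd_recipient_restrictions", ""))
    names = [name for name, _ in rules]
    end = next((i for i, n in enumerate(names) if n in TERMINAL), len(names))
    explicit = "reject_unlisted_recipient" in names[:end]
    implicit = params.get("smtpd_reject_unlisted_recipient") == "yes"
    return {
        # True: this configuration asks Postfix to refuse unknown recipients
        # at RCPT TO, so no bounce has to be generated for them later.
        "rejects_unknown_recipients": explicit or implicit,
        "explicit_check": explicit,
        "unreachable": names[end + 1:],
        "dnsbls": [arg for name, arg in rules[:end] if name == "reject_rbl_client"],
    }

if __name__ == "__main__":
    for key, value in audit(parse_postconf(SAMPLE)).items():
        print(f"{key}: {value}")
```

To audit a live server, feed it the output of postconf for the same two parameter names instead of SAMPLE.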

  4. #4
    Gimly, Junior Member

    Any idea on how to block this spam?

  5. #5
    phoenix, Zimbra Consultant & Moderator

    Originally posted by Gimly:
        Any idea on how to block this spam?
    You only waited three hours to bump this thread, did you read any of the forum threads or wiki articles on this subject (as I suggested in my last post to you in your other thread of December 2012, which you did bother to give a reply)? Have you actually tried any of the solutions suggested in those threads/articles? In future do not start new threads when you already have one open on the same topic - I'll merge this with your other thread.

    Regards
    Bill

  6. #6
    Gimly, Junior Member

    Ok, sorry Bill.

    Yes, I've searched the forums and the wiki. In many threads, the solution is "search with backscatter or NDR spam", without a real solution in the Zimbra Forums.
    So I read the wiki and applied all the settings for spam, but the backscatter spam continues. I don't understand why.

    I know my Zimbra server doesn't verify the complete email address to drop mail when the address is not valid. It only verifies the domain. When I search the forum, I can't find the setting.

    I applied the settings that I listed in my previous post and I followed these solutions:

    - Backscatterer.org powered by UCEPROTECT
    - http://en.linuxreviews.org/HOWTO_Sto..._using_Postfix
    - Postfix Backscatter Howto

    I have no catchall-box. I don't have any other ideas, I just wish that you could give me a lead, if it is possible.

    Thank you for your help.

  7. #7
    Gimly, Junior Member

    Up!

    Any ideas, please?

    Thanks!

  8. #8
    PeteMajerski, Starter Member

    Originally posted by Gimly:
        Ok, sorry Bill.
        Yes, I've searched the forums and the wiki. In many threads, the solution is "search with backscatter or NDR spam", without a real solution in the Zimbra Forums.
        So I read the wiki and applied all the settings for spam, but the backscatter spam continues. I don't understand why.
    I don't think, Gimly, that you have any reason to apologize.
    I have exactly the same experience. Many months later, and after days and hours of research and reading everything possible,
    I see there is NO CLEAR ANSWER in ANY forum or website, especially here in Zimbra.

    I guess Bill will write again "read more" but it doesn't help.
    Result = every day my server is closer and closer to being blacklisted because of knocking on wrong or non-existent doors.

    Most strange for me is that the system scans emails with the antivirus first and then generates the answer - user unknown.
    Clearly the postfix_smtpd_reject_unlisted_recipient option is useless and doesn't work as it should.

    A long time ago I found info on how to disable the "unknown user" response, but it is totally not recommended, so I ignored it and now I can't find it.
    In my situation there is definitely no harm if 5-10 clients lose their emails by writing a wrong address, but the positive result will be about 300-1000 forged spam emails per day ignored.

    Can anyone advise me if there is an easy option to disable this response completely?
    So if wrong email address > no response, email dropped, and definitely it shouldn't be scanned by antivirus if nobody is going to read it.

    Thanks

  9. #9
    phoenix, Zimbra Consultant & Moderator

    Originally posted by PeteMajerski:
        Clearly the postfix_smtpd_reject_unlisted_recipient option is useless and doesn't work as it should.
    I don't know how you came to that conclusion; that feature is enabled by default (on ZCS 8.0.2) unless you've disabled it, and it works on my server - I see very little spam (or NDR spam) and unlisted recipients get rejected. You've also not provided any information to substantiate your claim, nor which version and release of ZCS is in use. You've also given no details of what changes or improvements (if any) you've made to the anti-spam system, nor whether there are any RBLs in use (if there are, which ones are they?).

    The Postfix website (link is in an earlier post) has details on how to limit NDR spam, are you saying they don't know how to tune their own product?

    Regards
    Bill
