Results 1 to 4 of 4

Thread: Listed at backscatterer.org

  1. #1
    davidkillingsworth is offline Loyal Member
    Join Date
    Feb 2012
    Location
    Hong Kong
    Posts
    77
    Rep Power
    3

    Default Listed at backscatterer.org

    Hello,

    I have a mx record monitor configured at mxtoolbox.com. It watches several of the blacklists to see if your mx record or server IP is listed. If it gets listed, you get an email notification.

    Over the course of the last year it has been listed twice, and we were able to de-list it pretty easily.

    Today, I got a notification that it was listed on backscatterer.org. I went to the URL and put it in my server's IP address and this is the text that is listed.

    =========

    This IP IS CURRENTLY LISTED in our Database.
    Please note that this listing does NOT mean you are a spammer, it means your mailsystem is either poorly configured or it is using abusive techniques.
    This kind of abuse is known as BACKSCATTER (Misdirected Bounces or Misdirected Autoresponders or Sender Callouts). Click the links above to get clue how and why to stop that kind of abuse.


    To track down what happened investigate your smtplogs near 11.04.2013 14:22 CEST +/-1 minute.

    You will either find that your system tried to send misdirected bounces or misdirected autoresponders to claimed but in reality faked senders, or your system tried sender verify callouts against our members near that time.

    So you should look for outgoing emails that have a NULL SENDER or POSTMASTER in MAIL FROM.

    Reading your logs carefully it shouldn't be a big deal to figure out what caused or renewed your listing.


    History:
    11.04.2013 14:22 CEST listed

    A total of 1 Impacts were detected during this listing. Last was 11.04.2013 14:22 CEST +/- 1 minute.
    Earliest date this IP can expire is 09.05.2013 14:22 CEST.



    This IP is temporary listed.
    The listing will expire automatically and free of charge 4 weeks after the last abuse is seen from that IP.
    Expedited manual expressdelisting is available as an option, in case you do not want to wait for the automatic and free expiration.
    You will be charged 113 USD using one of the following payment services.
    WARNING: Before requesting expressdelisting make sure the problem which caused the listing is fixed, otherwise you are at risk to get listed again if new abuse becomes known.

    ==========

    I checked the mail.log.1 to find the date/time listed on the website and didn't see anything that looked too suspicious.

    I tried to check zimbra.log, but it had already been rotated 5 times and the oldest zimbra.log.4.gz was never than the date listed on the website.

    Does anybody have any ideas on how I can mitigat this?

    Thanks.
    Release 7.2.4_GA_2900.UBUNTU10_64 UBUNTU10_64 FOSS edition.

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,506
    Rep Power
    57

    Default

    You should look in the log files (or the message queues) to see if messages are getting deferred (and the reason), you could also look at the wiki article on improving the anti-spam systemand/or search the forums for 'backscatter' and try some of the suggestions in any threads you find. There's also this information from a search.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Bill Brock is offline Outstanding Member
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    9

    Default

    Zimbra 7.1.2 was sending non-delivery notifications to (faked)e-mail addresses when a virus or banned extension was found, ie. backscatter. It requires you to edit the amavisd.conf.in file to correct the final destination of the non-delivered message. There is a forum article about this with details. Search for that. Then do a google for the amavisd.conf to see the most current variables. The forum article is dated as to the correct variable but the idea is correct.

  4. #4
    davidkillingsworth is offline Loyal Member
    Join Date
    Feb 2012
    Location
    Hong Kong
    Posts
    77
    Rep Power
    3

    Default

    Quote Originally Posted by Bill Brock View Post
    Zimbra 7.1.2 was sending non-delivery notifications to (faked)e-mail addresses when a virus or banned extension was found, ie. backscatter. It requires you to edit the amavisd.conf.in file to correct the final destination of the non-delivered message. There is a forum article about this with details. Search for that. Then do a google for the amavisd.conf to see the most current variables. The forum article is dated as to the correct variable but the idea is correct.
    I looked around, but I am not sure which article you are referring to. Could you point me in the right direction?
    Release 7.2.4_GA_2900.UBUNTU10_64 UBUNTU10_64 FOSS edition.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Distribution list not listed in GAL
    By LinU777 in forum Users
    Replies: 1
    Last Post: 07-13-2012, 04:12 AM
  2. address not listed for hostname
    By pigui in forum Administrators
    Replies: 1
    Last Post: 05-11-2012, 11:19 PM
  3. Backscatterer - being blocked regularly.
    By anton.aleksandrov in forum Administrators
    Replies: 1
    Last Post: 12-02-2009, 11:32 AM
  4. Email not listed......?
    By tarson in forum General Questions
    Replies: 9
    Last Post: 06-14-2009, 01:37 PM
  5. [SOLVED] Spam - ips.backscatterer.org
    By chrisp8756 in forum Administrators
    Replies: 4
    Last Post: 03-10-2009, 05:25 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •