Results 1 to 7 of 7
  1. #1
    Untangle Ninja
    Join Date
    Jul 2008
    Posts
    1,129

    Default Backscatter and spamassassin??

    I saw a post a while back in the Spamassassin website about the ability to stop the backscatter messages. We get hundreds of them a day.

    Our email server is Firstclass running on a mac server and does not appear to have the ability to stop them.

    Has anyone tried to stop backscatter in UT?

    Lannie

  2. #2
    Untangle Ninja
    Join Date
    Jul 2008
    Posts
    1,129

    Default

    OK, I went ahead and followed the guide on the Spamassassin site and tested it and it appears to work, so I will continue to monitor it.

    Here are the steps:

    SSH into your UT box.

    Type in the following commands:

    Code:
    nano /etc/mail/spamassassin/local.cf
    Add the following line:

    Code:
    whitelist_bounce_relays host.yourdomain.com
    (of course replace the host.yourdomain.com with your real mail server hostname and domain)

    If you arent sure what that is, type in:

    Code:
    host xxx.xxx.xxx.xxx
    where xxx is your public IP of your email server. It should resolve to the real hostname and domain of your email server.

    Now test spamassassin to insure all of it's settings are good:

    Code:
    spamassassin --lint
    If you get no errors, you are good.

    I added a test bounce email and used it to test. Type the following command and paste the contents after it into the file and save it:

    Code:
    nano /etc/mail/spamassassin/sample-bounce.txt
    Code:
    Return-Path: <>
    X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on
    	li9-234.members.linode.com
    X-Spam-Level: 
    X-Spam-Status: No, score=-1.3 required=3.0 tests=AWL,BAYES_00 autolearn=ham
    	version=3.2.4
    X-Spam-Report: 
    	* -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
    	*      [score: 0.0006]
    	*  1.3 AWL AWL: From: address is in the auto white-list
    X-Original-To: ed@localhost
    Delivered-To: ed@localhost
    Received: from localhost (localhost [127.0.0.1])
    	by li9-234.members.linode.com (Postfix) with ESMTP id 59A64F4285
    	for <ed@localhost>; Mon, 12 May 2008 11:07:29 -0400 (EDT)
    Received: from www2.frenchguys.com [212.37.196.113]
    	by localhost with POP3 (fetchmail-6.2.5)
    	for ed@localhost (single-drop); Mon, 12 May 2008 11:07:29 -0400 (EDT)
    Received: from cbxemf01sf.cov.com (smtpsf.cov.com [216.200.93.196])
    	by dns1.kommando.com (8.12.9/8.12.9) with ESMTP id m4CF6jr2090939
    	for <edasque@frenchguys.com>; Mon, 12 May 2008 17:06:45 +0200 (CEST)
    X-WSS-ID: 643683631RK19753055-01-02
    Date: Mon, 12 May 2008 08:06:17 -0700
    From: "iago alamgir" <edasque@frenchguys.com>
    To: "iago alamgir" <edasque@frenchguys.com>
    Message-ID: <643683631RK19753056-01@WorldSecure_cov.com>
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
     boundary="_-==643683631RK6487941==-_"
    Subject: Undeliverable - Recipient does not exist
    X-UIDL: EY?"!%1i"!C#j"!UL'!!
    
    
    --_-==643683631RK6487941==-_
    Content-Type: text/plain;
     charset=iso-8859-1
    Content-Disposition: inline
    
    Your message did not reach some or all of the intended recipients.  The
    e-mail account does not exist.  Check the e-mail address or contact the
    recipient directly to confirm the address.
    
    "Devon Roy" <jhrc@cov.com>
    
    --_-==643683631RK6487941==-_--
    Run the following command to test it:

    Code:
    spamassassin -Lt < /etc/mail/spamassassin/sample-bounce.txt
    You should see the following lines at the end if it works:

    0.1 BOUNCE_MESSAGE MTA bounce message
    0.1 ANY_BOUNCE_MESSAGE Message is some kind of bounce message


    Let me know how this works. I will continue to monitor it and see what happens.

    Lannie

    PS This was done on UT 6.2.
    Last edited by lschafroth; 11-17-2009 at 02:35 PM.

  3. #3
    Master Untangler
    Join Date
    May 2008
    Location
    Iowa
    Posts
    121

    Default

    Has this improved the backscatter problem?

  4. #4
    Untangle Ninja
    Join Date
    Jul 2008
    Posts
    1,129

    Default

    I have not heard from any of my users since I made the change. I havent gone through their inboxes to check since then either. Now you are making me WORK!!

    I'll go check.

    Lannie

  5. #5
    Master Untangler angelln's Avatar
    Join Date
    May 2009
    Posts
    143

    Default

    Thats worth a look,,,thanks

  6. #6
    Untangle Ninja
    Join Date
    Jul 2008
    Posts
    1,129

    Default

    I do not see any at this point. We were getting 100's so this looks very promising.

    Lannie

  7. #7
    Master Untangler
    Join Date
    May 2008
    Location
    Iowa
    Posts
    121

    Default

    Very awesome, Will implement tomorrow.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2