server on backscatterer listed

Webmin
1

Hi

I have a problem with my postfix server. I can´t send to some email adresses. So i take a look if the IP is blacklisted and it is listed on http://www.backscatterer.org

I have a lot of log entries like this:

8515:Dec 6 23:28:29 server1.domain.tld postfix/qmgr[2851]: 1B8F8CF0015: from=<>, size=3804, nrcpt=1 (queue active)
8563:Dec 6 23:43:35 server1.domain.tld postfix/qmgr[2851]: 5D0695C3832E: from=<>, size=3042, nrcpt=1 (queue active)
8573:Dec 6 23:45:09 server1.domain.tld postfix/qmgr[2851]: 657EF5C38327: from=<>, size=3800, nrcpt=1 (queue active)
8574:Dec 6 23:45:09 server1.domain.tld postfix/qmgr[2851]: A9400CF0011: from=<>, size=3761, nrcpt=1 (queue active)

and what I´v read maybe this is the problem. Can anybody tell what I can do to avoid this in the future.

Server CentOS 5.2
Webmin with Virtualmin 3.75 installed with the install.sh script.

thx in advance!

2

Are you using any catchall email aliases?

That’s one way that can generate some backscatter and possibly land you on the blacklists.

-Eric

3

I have the same problem. I had to deactivate clamAV because of performance problems. Since then server is periodically being listed there. Where do I check this alies catchall? system is Debian 8.

4

could it also be to do with out of office responses set up by user on server ?

as an aside, I have modified my “Restrictions on recipient addresses” and “smtp client restrictions” by adding additional options, and it seems to help quite a bit by keeping a lot of spam at bay, but not sure if is 100%

“Restrictions on recipient addresses”
permit_mynetworks permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_destination reject_non_fqdn_sender reject_non_fqdn_recipient reject_rbl_client sbl.spamhaus.org reject_rbl_client sbl-xbl.spamhaus.org reject_rbl_client cbl.abuseat.org reject_rbl_client reject_unknown_reverse_client_hostname reject_unverified_recipient reject_unverified_recipient permit_inet_interfaces

5

Read the following link (it’s answer) and you will see the order in which restrictions are checked and why you (usually) need more than just the recipient ones.

https://serverfault.com/questions/833499/effects-of-restrictions-in-postfix/835513

This also might be useful - https://wiki.centos.org/HowTos/postfix_restrictions

EDIT: I was for the last few months, coming off backscatterer and then going back on straight away. After tightening up the restrictions in Postfix, I can off on 4 days ago and haven’t gone back on. Hopefully staying that way.

6