Spam Backscatter?

Charles Swiger cswiger at mac.com
Thu Jun 26 18:46:53 UTC 2014


Hi--

On Jun 26, 2014, at 11:32 AM, Chris Maness <chris at chrismaness.com> wrote:
> On Thu, Jun 26, 2014 at 11:04 AM, Charles Swiger <cswiger at mac.com> wrote:
>> On Jun 26, 2014, at 6:36 AM, Chris Maness <chris at chrismaness.com> wrote:
>>> Does spam in my outgoing queue mean that I am generating backscatter from
>>> failed spam delivery?
>> 
>> Probably.  (Or you're generating it locally, or relaying it....)
> 
> I am not an open relay as far as I can tell.  I am not listed on any RBL, and I have had an email security test, and it confirmed I am not either.  I don't see any suspicious processes running.  Are there any more things that I could check to verify this?

Check your sendmail logs for queue IDs of the mail in the outgoing queue.
If those were received by your server from outside, then it's likely backscatter.

>>> If so, how can I filter it?  I currently have 118 messages in my outgoing queue.
>>> 
>>>  Suggestions?
>> 
>> Reject the spam at submission time, don't accept it and then try to bounce it.
> 
> What configuration changes do you recommend?  I am using sendmail, with the only change to the configuration being the addition of 5 RBLs.

Explicitly blacklisting frequent bad sending IPs via REJECT in /etc/mail/access helps.
For a small domain, greylisting also works well, something like http://hcpnet.free.fr/milter-greylist/.
There are other useful milters like: http://www.benzedrine.cx/milter-regex.html.

http://www.sendmail.com/sm/open_source/docs/m4/anti_spam.html

Regards,
-- 
-Chuck
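
The log check suggested above (trace each queued message's queue ID back to how it arrived), as an added example that is not part of the original message. It assumes sendmail's usual syslog layout, where a bounce is logged as `NEWQID: OLDQID: DSN: ...` and the original's `from=` line carries `relay=`; the sample lines, hosts, queue IDs and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in sendmail's syslog layout; hosts and queue IDs are made up.
SAMPLE_LOG = """\
Jun 26 06:30:01 mx sm-mta[811]: s5QDU1aa000811: from=<promo@spam.invalid>, size=2210, nrcpts=1, proto=ESMTP, daemon=MTA, relay=host.spam.invalid [203.0.113.7]
Jun 26 06:30:02 mx sm-mta[813]: s5QDU2bb000813: s5QDU1aa000811: DSN: User unknown
Jun 26 06:30:09 mx sm-mta[813]: s5QDU2bb000813: to=<promo@spam.invalid>, delay=00:00:07, mailer=esmtp, dsn=4.0.0, stat=Deferred: Connection timed out
Jun 26 07:02:10 mx sm-mta[902]: s5QE2Acc000902: from=<www@mx.example.org>, size=1804, nrcpts=1, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
"""
ENTRY = re.compile(r"\]: (?P<qid>\w+): (?P<rest>.*)$")
BOUNCE = re.compile(r"^(?P<parent>\w+): DSN: ")
RELAY = re.compile(r"relay=(?P<host>[^\s\[,]*)\s*(?:\[(?:IPv6:)?(?P<ip>[^\]]+)\])?")


def relay_is_external(rest):
    """True when a from= line shows a non-loopback peer address."""
    m = RELAY.search(rest)
    if not m or not m.group("ip"):
        return False  # no peer address logged, e.g. relay=user@localhost
    return not ipaddress.ip_address(m.group("ip")).is_loopback


def classify_queue(log_text, queued_ids):
    """Map each queued ID to backscatter, relayed-in mail, or local origin."""
    origin, parent = {}, {}
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        qid, rest = m.group("qid"), m.group("rest")
        bounce = BOUNCE.match(rest)
        if bounce:  # this queue ID is a bounce generated for an earlier one
            parent[qid] = bounce.group("parent")
        elif rest.startswith("from="):
            origin[qid] = "external" if relay_is_external(rest) else "local"
    verdicts = {}
    for qid in queued_ids:
        src = origin.get(parent.get(qid, qid))
        if src is None:
            verdicts[qid] = "unknown"
        elif qid in parent:
            verdicts[qid] = "backscatter" if src == "external" else "bounce-of-local-mail"
        else:
            verdicts[qid] = "accepted-from-outside" if src == "external" else "local-submission"
    return verdicts


if __name__ == "__main__":
    print(classify_queue(SAMPLE_LOG, ["s5QDU2bb000813", "s5QE2Acc000902"]))
```

Feed it the queue IDs listed by `mailq` and the contents of the mail log; a queue full of `backscatter` verdicts points at rejecting during the SMTP session rather than bouncing afterwards.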



More information about the freebsd-questions mailing list