From: Chris Pratt
Date: Thu, 25 Sep 2008 09:40:34 -0700
To: FreeBSD-Questions Questions
Cc: David Southwell
Subject: Re: Flooded with emails to root -- URGG
In-Reply-To: <200809250934.57150.david@vizion2000.net>

On Sep 25, 2008, at 9:34 AM, David Southwell wrote:

> Hi
>
> I am running postfix.
>
> Am receiving a flood of emails that appear to emanate from Servers who have
> received spam that has masqueraded root@mydomain as the email source.
>
> Could anyone please suggest the best way of dealing with these. Please bear in
> mind I am not all that familiar with postfix so if anyone feels treating me
> like an idiot and spoonfeeding the actual commands to use I would be most
> appreciative
>

I have no idea what a command would be to stop receipt. Cutting off
the original generation of the emails being spoofed is more to the
point. You may want to look at SPF (openspf.org). If your domain is
listed with an spf entry in DNS, you become less tempting as a domain
to spoof. Over time, it will all but cease.

Once you've created an SPF DNS record, many servers receiving mail
spoofed for your domain will begin to drop it rather than backscatter
emails back to your server. You should study the information on their
site but in a nutshell, you create a TXT record in DNS that lists your
server's IP as the only valid machine to send mail for your domain. This
tells the others to drop emails from other IPs using your domain. It's
relatively effective and painless.