From: David Southwell
Organization: Voice and Vision
To: freebsd-questions@freebsd.org
Cc: Chris Pratt
Date: Fri, 26 Sep 2008 11:52:17 -0700
Subject: Re: Flooded with emails to root -- URGG

On Thursday 25 September 2008 09:40:34 Chris Pratt wrote:
> On Sep 25, 2008, at 9:34 AM, David Southwell wrote:
> > Hi
> >
> > I am running postfix.
> >
> > Am receiving a flood of emails that appear to emanate from servers who
> > have received spam that has masqueraded root@mydomain as the email source.
> >
> > Could anyone please suggest the best way of dealing with these. Please
> > bear in mind I am not all that familiar with postfix so if anyone feels
> > treating me like an idiot and spoonfeeding the actual commands to use I
> > would be most appreciative.
>
> I have no idea what a command would be to stop receipt. Cutting off the
> original generation of the emails being spoofed is more to the point.
>
> You may want to look at SPF (openspf.org). If your domain is listed with an
> spf entry in DNS, you become less tempting as a domain to spoof. Over
> time, it will all but cease. Once you've created an SPF DNS record, many
> servers receiving mail spoofed for your domain will begin to drop it rather
> than backscatter emails back to your server.
>
> You should study the information on their site but in a nutshell, you create
> a TXT record in DNS that lists your server's IP as the only valid machine to
> send mail for your domain. This tells the others to drop emails from other
> IPs using your domain. It's relatively effective and painless.

Thank you. That really did the trick. Within two hours the flood of backscatter (about 400 an hour) was virtually gone. That was great advice.

David