Need help with blacklist issue (how to blacklist from non-existing 'from' email)

[sizenet]

Hello,

First of all, even tho I am a new EFA user here... I must admit EFA is amazing. The reason I started to use EFA is obviously spam related... Let me summarize the problem and maybe you guys can point me to the right direction.

I started to receive lots of emails from postmaster@domain.com (always a different domain name) with the subject: Delivery report. To stop this annoying spam, this is what I did:

1- After installing and configuring EFA, I forwarded the MX record of the domain that is being spammed to the EFA.
2- As expected, all the emails are being delivered to EFA first, and if they are not spam they come to my inbox.
3- However, some of these postmaster@domainnamehere.com still make their way to the inbox directly....

For instance, I attached 2 screenshots to show how bad it is and what I can do to resolve it. Please see the attached(s).

How can I block the emails when the 'from' is empty (as you see in the screenshot)?

12.jpg (542.04 KiB) Viewed 3633 times

Second attached image also shows that empty 'from' email address that is why I can not add to the block list?

23.jpg (763.92 KiB) Viewed 3633 times

I checked the forums and found how to block the emails based on the subject line: viewtopic.php?t=597 -- tried the last post (solution) unfortunately, did not work.

I would appreciate if you guys can tell me how to properly block emails based on their email address - and if email address is not present - based on their subject...

Thank you for your help!

[nicola.piazzi]

are you sure that your system is not an open relay ?
Or it was an open relay previously and now you are receiving old NDR ?
if you send me your email address i can make a check of your config

[sizenet]

Hi Nicola,

Thank you for the quick response. I am sure the system is not an open relay.

I even checked with http://www.mailradar.com/openrelay/ to make sure.

I am sending you a PM.

Please check.

Thank you!!!

[ovizii]

You could give this a try: http://www.backscatterer.org/?target=usage

I am using the safe method with postfix and my check_backscatterer looks like this:

Code: Select all

<>              reject_rbl_client       ips.backscatterer.org
postmaster      reject_rbl_client       ips.backscatterer.org
MAILER-DAEMON   reject_rbl_client       ips.backscatterer.org

that should cut down at list a bit of that SPAM.

I also have this problem but those are basically backscatter if I am not mistaken. For the domains I host, I have setup SPF+DKIM+dmarc so there is absolutely no reason to send me this type of NDRs especially since most of the ones I receive are for non-existing recipients on my side, hence my guessing its backscatter SPAM.