Linux, Unix, and *nix like Operating Systems Forum

You can get 'backscatter' when a SPAMmer's outbound mails fraudulently (mis)use your legit address but pass nowhere near your machines.

Sometimes this is used specifically to make people angry with you or to DoS your mail system.

One way to reduce this is to set up something like SPF so that fewer remote mail servers will accept the mails being sent in your name because those servers will be able to tell that the mails are bogus/fraudulent. SPF only requires a single additional text record in the DNS info for your mail domain.

Rgds

Damon

Thanks for your reply, the problem (I think) with setting up an spf record is that in general mail is not generated on the server (ie users don't use a webmail package) they use client based (ie outlook) however the server does generate email for this address when sending out confirmations and the like, so for the spf it does have to allow mail from the server (albeit limited and automatically generated) but it then has to allow mail from an unspecifiable number of isps... does this make sense?

But this morning I had this in my logwatch ouptut :

Top relays (recipients/connections - min 10 rcpts, max 50 lines):
32/32: localhost.localdomain [127.0.0.1]
30/30: apache@localhost

19/19: mailgate2.arcor-ip.de [145.253.2.48]

I could legitmately expect the top two (although given that the server only sent out 10 messages as apache that still confuses me) but the .de shouldn't be there.

Below is one of the email pairs associated with that relay.

Jun 19 16:36:09 #*$!#*$!x1 sendmail[28057]: m5JFa98w028057: from=<>, size=7988, class=0, nrcpts=1, msgid=<20080619153601.6AB64F0D681@mailgate1.adm.arcor.net>, proto=ESMTP, daemon=MTA, relay=mailgate2.arcor-ip.de [145.253.2.48]
Jun 19 16:36:12 #*$!#*$!x1 sendmail[28058]: m5JFa98w028057: to=<enquire@#*$!#*$!#*$!#*$!.co.uk>, delay=00:00:03, xdelay=00:00:03, mailer=local, pri=38213, dsn=2.0.0, stat=Sent