[NilesF]

i recently received a call from our cable provider that they are receiving complaints that one of our ip addresses is sending spam.

I have a feeling that this can be caused by emails that are sent out in bulk and our system is flagging the inbound and then delivering the rest of the email list.

the only domain in the relay_domains is our external email domain.

I am not sure what to check for this.

thanks

[mr88talent]

Code: Select all

I have a feeling that this can be caused by emails that are sent out in bulk and our system is flagging the inbound and then delivering the rest of the email list.

This sentence makes little sense to me. If you are sending bulk mail, then you probably will get flagged as a spammer.

[NilesF]

sorry, that is not what I meant to say. What I meant was:

if an email is sent to 100 people and I am one of those recipients (and the mail is SPAM), the mail for me gets flagged as spam, what happens to email that is intended for the other 99 ?

I hope that is a better explanation.

we are not sending the spam.

[mr88talent]

Are you responsible for all 100 recipients? If you are not, you will not know what happens to other people's mail. The question is, are you bouncing spam? Are you using amavisd-new? If so, what is $final_spam_destiny set to? Is the IP address they are referring to and IP address of a server? If you don't send spam, but do bounce spam, this is called backscatter and you can get blacklisted for it. Another possibility is that you have an infected Windows zombie sending spam.


http://en.wikipedia.org/wiki/Backscatter_(e-mail)

[NilesF]

I am using amavis-new, I am not responsible for the 100 emails.

$final_spam_destiny is set to D_PASS;

the reason why I am doing it with D_PASS is because I just want to tag the spam, and send it to our exchange server, in case it is falsely tagged we still get the email.

[mr88talent]

If you are passing the spam, it should not bounce, so that setup should not create backscatter, at least not for spam you receive - unless your users are replying to the spam. How about other the other $final_*_destiny settings? I hope $final_virus_destiny is not set to D_BOUNCE.

As I mentioned, another possiblilty is that you have an infected PC sending spam. Are you sending out bulk mail, like newsletters and such that may be considered spam by some people? May I assume that there are a number of NAT'd machines behind the aformentioned IP address, or does this address refer to a single machine?

[NilesF]

my settings are as follows:

$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_BOUNCE;
$final_spam_destiny = D_PASS;
$final_bad_header_destiny = D_PASS;

this ip address is only one of our servers.

[mr88talent]

Your setting should be OK provided you do not have a lot of banned messages bounced. When you say the IP address is one of your servers, it is the Postfix server, or one of your Exchange servers? If it's an Exchange server, and you send mail out through that server, it's possible that some of the recipients you send mail to consider some of your mail spam. Did your cable provider supply any more details that may provide clues? If you were to contact the person who complained to the cable provider, they may be able to supply samples of what it is they are complaining about.