Backscatter
Question asked by Brian Gallutia - 3/29/2015 at 1:05 PM
Unanswered
I have one user on the mail server whose email address is being used to send out spam via an "unknown host." Every morning, like clockwork, the queue fills up with these mystery emails from this user and it appears that some of them even go through while the others stay in the queue until expiration.
 
Does anyone have any advice on how to prevent this from happening?  It's always been an issue but now it's affecting my server's rating with SenderBase and it's becoming a problem.

Thank you for any help in advance.

9 Replies

0
Brian Gallutia Replied
*bump*
0
Paul Blank Replied
Is there any info in the SM logs that can give you a clue to what's happening?
 
0
Brian Gallutia Replied
Hopefully the attached file illustrates my problem better than I am.  Every morning, my user phil[at]manningmaterialsinc[dot]com gets a ton of bounce-backs from emails he didn't send, from a server that is stating it's mail.pcsdesk.com but isn't (this server's IP is 23.23.206.207).
 
 
Even though my server isn't on any spam lists, it does get flagged by SenderBase regularly and it's turning into a real headache.
 
Any help is appreciated.
0
Brian Gallutia Replied
bump
0
Paul Blank Replied
Just noticed this again.  Did you ever resolve this?  Anything to do with the relay settings in SM?
 
0
Brian Gallutia Replied
No, never heard anything. I've resorted to shutting down the user's email account and turning it back on in the morning, since the backscatter on this account occurs overnight and early in the morning.

Since I've started this practice, the SenderBase reputation has been "Good." Unfortunately this isn't a solution and I'll need to figure out something soon. Thanks -
0
Bruce Barnes Replied
This looks more like joe-jobbing than "backscatter."
 
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net
Phone: (773) 491-9019
Phone: (224) 444-0169
E-Mail and DNS Security Specialist
Network Security Specialist
Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/
Web and E-Mail Hosting, E-Mail Security and Consulting
0
Paul Blank Replied
If the incoming emails are always from the same server name (mail.mypcsdesk.com), can't they be automatically filtered by SM's filter settings, or am I missing something?
 
 
0
Brian Gallutia Replied
There's a new term for me. Thank you for the article link.
