This is a problem that many of us are facing, because Postfix
installations are by default vulnerable to this. I don't know about other
mail servers.
I recently noticed when checking mailq that my system has bounces
from MAILER-DAEMON going out to unusual addresses. The messages are a
standard delivery service notification but what concerned me is they
didn't originate on my system, and because of the junk in the body
contents I am the one sending out this spam!
That's the kind of thing that can get you blacklisted if you hit a
spamtrap. Time to check if you're relaying junk. I certainly receive a
lot of it from other mail servers!
Search your postfix logs for "mail forwarding loop" and see if your
outgoing queue has strange DSNs. Here's what the spammers are doing: they
send mail containing a Delivered-To: field, which causes Postfix to
detect what it thinks is a forwarding loop. A new error DSN is
constructed and sent back to the "originator" (which is a forged address
of course). So you have sent an annoying, spammy error back to the
victim.
I skimmed through the postfix mailing list and there is no fix on the
Postfix side so you'll have to modify your configuration somehow to
prevent these attacks. Since I use renattach as a filtering module, I
added a new switch (--loop) which tells renattach to drop the
Delivered-To field on incoming mail. Since locally delivered mail doesn't go
through the filter service, this preserves normal loop detection locally.
If you want to grab this new version, it's at
http://www.pc-tools.net/unix/renattach/
See the INSTALL file to integrate with Postfix as a filter.
--
Jem Berkes
Software design for Windows and Linux/Unix-like systems
http://www.sysdesign.ca/
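
The log check described in the post, as an added example (not part of the original post and not renattach code): it links each "mail forwarding loop" bounce to the envelope sender that will receive the DSN and to the DSN's own queue entry. The log lines are constructed in the usual Postfix syslog layout; host names, addresses and queue IDs are made up.

```python
import re

# Constructed sample in the usual Postfix syslog layout (not real traffic).
SAMPLE_LOG = """\
Mar  3 10:15:01 mx postfix/smtpd[2101]: 4F1A22C0D1: client=unknown[192.0.2.55]
Mar  3 10:15:01 mx postfix/cleanup[2103]: 4F1A22C0D1: message-id=<x1@spam.example>
Mar  3 10:15:01 mx postfix/qmgr[1200]: 4F1A22C0D1: from=<victim@forged.example>, size=2310, nrcpt=1 (queue active)
Mar  3 10:15:02 mx postfix/local[2105]: 4F1A22C0D1: to=<user@mail.example>, relay=local, delay=1, status=bounced (mail forwarding loop for user@mail.example)
Mar  3 10:15:02 mx postfix/bounce[2106]: 4F1A22C0D1: sender non-delivery notification: 7B3C92C0D4
Mar  3 10:15:02 mx postfix/qmgr[1200]: 7B3C92C0D4: from=<>, size=4120, nrcpt=1 (queue active)
Mar  3 10:15:04 mx postfix/smtp[2107]: 7B3C92C0D4: to=<victim@forged.example>, relay=mx.forged.example[198.51.100.9]:25, delay=2, status=sent (250 OK)
Mar  3 10:16:10 mx postfix/qmgr[1200]: 9D0E12C0D7: from=<friend@ok.example>, size=900, nrcpt=1 (queue active)
Mar  3 10:16:10 mx postfix/local[2110]: 9D0E12C0D7: to=<user@mail.example>, relay=local, delay=0, status=sent (delivered to mailbox)
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)$")

def find_loop_backscatter(log_text):
    """Return one record per message bounced as a 'mail forwarding loop'."""
    sender, looped, dsn_of, delivered = {}, {}, {}, {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "qmgr" and rest.startswith("from=<"):
            sender[qid] = rest[6:rest.index(">")]        # envelope sender
        elif "status=bounced (mail forwarding loop" in rest:
            looped[qid] = re.search(r"to=<([^>]*)>", rest).group(1)
        elif daemon == "bounce" and "non-delivery notification: " in rest:
            dsn_of[qid] = rest.rsplit(": ", 1)[1].strip()  # queue ID of the DSN
        elif "status=" in rest:
            to = re.search(r"to=<([^>]*)>", rest)
            st = re.search(r"status=(\w+)", rest)
            if to and st:
                delivered[qid] = (to.group(1), st.group(1))
    return [
        {"queue_id": q, "local_rcpt": rcpt, "forged_sender": sender.get(q),
         "dsn_queue_id": dsn_of.get(q), "dsn_result": delivered.get(dsn_of.get(q))}
        for q, rcpt in looped.items()
    ]

if __name__ == "__main__":
    for rec in find_loop_backscatter(SAMPLE_LOG):
        print(rec)
```

A record whose dsn_result ends in "sent" means the bounce has already left your server for the forged address.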
