Linux – How to solve/disable spam sending with the postfix server on linux

email, linux, PHP, postfix, spam

I am quite new to setting up an e-mail server on Linux – I barely set up the whole thing to get it working and connected it with my domain and a PHP script which uses PHPMailer 5.2.1. In my setup I am using the SMTP server from my web provider (domain), and all e-mails to addresses which are not defined (trash) are sent to one simple address, e.g. I have the address domain@domain.com. So when somebody sends an email to something@domain.com it will be forwarded again to domain@domain.com, even in case of failure.

I am receiving emails like:

Hi. This is the qmail-send program at comercio.interone.com.br.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<toa@adipar.com.br>:
Sorry, no mailbox here by that name. (#5.1.1)

--- Below this line is a copy of the message.

Return-Path: <Davis8FB@domain.com>
Received: (qmail 49156 invoked from network); 25 Jun 2012 07:34:57 -0300
Received: from unknown (HELO S0106602ad08df877.no.shawcable.net) (70.66.34.103)
  by hosting.interone.com.br with SMTP; 25 Jun 2012 07:34:57 -0300
Message-Id: <20120625034039.B45C12DCC3B13A22F261@GANDERTO-015445>
From: Ezra Whitehead <Davis8FB@domain.com>
To: toa <toa@adipar.com.br>
Reply-To: Jamey Mcconnell <Phoebe1BFE0@pension21.cz>
Subject: Welcome toa
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit


Visit our shop http://44090.medicneed.ru/

113B726C73560AA41A68163AA474D5F1476
0225770686522678

As you can see there is the line From: Ezra Whitehead <Davis8FB@domain.com>. I am sure I did not send this email from my domain.com with some Davis8FB name and some Russian page. This is just one of many, and only the NOT-delivered e-mails – there can be many more which have been sent successfully! What do I have wrong in my settings? How can I make it right? What should I do to prevent these messages from being sent? Where should I look? Thank you all.

Best Answer

This is known as backscatter spam which is where the spammer forges the From: or Return-Path: so that if a spam email bounces, it just becomes another opportunity to spam someone else.

You may notice that the To: address matches the same pattern as the From: address.

Unless you are running this mail server from your home ADSL connection, the original spam did not come from you.

The only thing you can do about these is detect them as spam and delete them. SpamAssassin would be a good place to start.

If you feel up to it, you could contact the owners of the mail server that is sending the backscatter because that's frowned upon.
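One way to put the answer's advice into practice, added here as an example and not part of the question or the answer: parse the bounce, pull out the copy of the original message, and treat the bounce as backscatter when the copy claims our domain as sender but its Received chain never touches a relay we actually operate. OUR_DOMAIN, OUR_RELAYS and the abridged sample bounce are assumptions constructed for this example.

```python
import email
import re

# Assumed for this example (not from the question or answer): our domain and the
# relay hosts every message we really send passes through. Replace with your own.
OUR_DOMAIN = "domain.com"
OUR_RELAYS = {"mail.domain.com"}
COPY_DELIM_RE = re.compile(r"^-+ Below this line is a copy of the message\.?", re.M)
# "from <host> [(HELO <name>)] ... by <host>"; re.S copes with folded header lines
HOP_RE = re.compile(r"\bfrom\s+(\S+)(?:\s+\(HELO\s+(\S+)\))?.*?\bby\s+(\S+)", re.I | re.S)

def enclosed_original(raw_bounce):
    """The original message a qmail-style bounce copies back, or None if absent."""
    m = COPY_DELIM_RE.search(raw_bounce)
    if not m:
        return None
    return email.message_from_string(raw_bounce[m.end():].lstrip())

def received_hosts(msg):
    """Every host named in Received: headers (from, HELO and by parts), lowercase."""
    hosts = set()
    for hdr in msg.get_all("Received", []):
        for hop in HOP_RE.finditer(hdr):
            hosts.update(h.lower().strip("[]") for h in hop.groups() if h)
    return hosts

def claimed_domain(msg):
    """Domain the enclosed message claims as sender (Return-Path, else From)."""
    m = re.search(r"@([\w.-]+)", msg.get("Return-Path") or msg.get("From") or "")
    return m.group(1).lower() if m else ""

def is_backscatter(raw_bounce, our_domain=OUR_DOMAIN, our_relays=OUR_RELAYS):
    """True when the bounced copy claims our domain as sender but its Received
    chain never touches a relay we operate: the sender was forged elsewhere."""
    orig = enclosed_original(raw_bounce)
    if orig is None or claimed_domain(orig) != our_domain.lower():
        return False
    return not (received_hosts(orig) & {r.lower() for r in our_relays})

# Constructed sample, abridged from the bounce quoted in the question.
SAMPLE_BACKSCATTER = """\
Hi. This is the qmail-send program at comercio.interone.com.br.

--- Below this line is a copy of the message.

Return-Path: <Davis8FB@domain.com>
Received: from unknown (HELO S0106602ad08df877.no.shawcable.net) (70.66.34.103)
  by hosting.interone.com.br with SMTP; 25 Jun 2012 07:34:57 -0300
From: Ezra Whitehead <Davis8FB@domain.com>
"""
```

A bounce that fails the check can be filed or discarded before it reaches the catch-all mailbox; a genuine bounce of mail you sent will show one of your relays in the chain and passes through untouched.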