From owner-freebsd-questions@FreeBSD.ORG Thu Jun 26 18:46:53 2014
Subject: Re: Spam Backscatter?
From: Charles Swiger
Date: Thu, 26 Jun 2014 11:46:50 -0700
Message-id: <640B1F34-F2DA-4B7C-A164-55BD6C663BA3@mac.com>
References: <3969729A-F60F-498A-8787-4E8B6978509D@mac.com>
To: Chris Maness
Cc: "freebsd-questions@freebsd.org"
List-Id: User questions

Hi--

On Jun 26, 2014, at 11:32 AM, Chris Maness wrote:
> On Thu, Jun 26, 2014 at 11:04 AM, Charles Swiger wrote:
>> On Jun 26, 2014, at 6:36 AM, Chris Maness wrote:
>>> Does spam in my outgoing queue mean that I am generating backscatter from
>>> failed spam delivery?
>>
>> Probably.  (Or you're generating it locally, or relaying it....)
>
> I am not an open relay as far as I can tell.  I am not listed on any RBL, and I have had an email security test, and it confirmed I am not either.  I don't see any suspicious processes running?  Are there any more things that I could check to verify this?

Check your sendmail logs for queue IDs of the mail in the outgoing queue.  If those were received by your server from outside, then it's likely backscatter.

>>> If so, how can I filter it.  I currently have 118 messages in my outgoing queue.
>>>
>>> Suggestions?
>>
>> Reject the spam at submission time, don't accept it and then try to bounce it.
>
> What configuration changes do you recommend?  I am using sendmail with the only change to the configuration is the addition of 5 RBL's.

Explicitly blacklisting frequent bad sending IPs via REJECT in /etc/mail/access helps.  For a small domain, greylisting also works well, something like http://hcpnet.free.fr/milter-greylist/.  There are other useful milters like: http://www.benzedrine.cx/milter-regex.html.

http://www.sendmail.com/sm/open_source/docs/m4/anti_spam.html

Regards,
-- 
-Chuck
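
The log check suggested in the reply above, as an added example that is not part of the original message: it traces each queued message's queue ID back to the relay it arrived from, following sendmail's "DSN" log entry from a bounce to the message that bounced. The syslog line shape, the function names and the sample lines are assumptions constructed for illustration; the real input would be the queue IDs shown by mailq and the lines of the mail log.

```python
import re

# Assumed syslog shape: "<date> <host> sm-mta[pid]: <queue-id>: <fields>"
LINE = re.compile(r"(?:sendmail|sm-mta)\[\d+\]: (\w+): (.*)$")
DSN = re.compile(r"(\w+): DSN: ")       # "<bounce-queue-id>: DSN: <reason>"
RELAY = re.compile(r"\brelay=(.+)$")    # relay= is the last field of a from= line
ADDR = re.compile(r"\[([^\]]+)\](?: \(may be forged\))?$")

def is_local(relay):
    # Judge by the peer address, not the name: reverse DNS can say anything.
    m = ADDR.search(relay)
    return m is None or m.group(1) in ("127.0.0.1", "IPv6:::1")

def classify_queue(queue_ids, log_lines):
    origin, dsn_parent = {}, {}  # qid -> arrival relay; bounce qid -> bounced qid
    for line in log_lines:
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        if (d := DSN.match(rest)):
            dsn_parent[d.group(1)] = qid
        elif rest.startswith("from=") and (r := RELAY.search(rest)):
            origin[qid] = r.group(1)
    result = {}
    for qid in queue_ids:
        parent = dsn_parent.get(qid)
        relay = origin.get(parent or qid)
        if relay is None:
            verdict = "unknown"        # arrival is not in the log lines supplied
        elif is_local(relay):
            verdict = "local"          # generated on this host
        elif parent:
            verdict = "backscatter"    # bounce of mail accepted from outside
        else:
            verdict = "relayed"        # outside mail queued for onward delivery
        result[qid] = (verdict, relay)
    return result

# Constructed sample log lines (documentation addresses, made-up queue IDs).
SAMPLE_LOG = """\
Jun 26 06:30:01 mx sm-mta[101]: s5QDU1aa000101: from=<a@spam.example>, size=2100, class=0, nrcpts=1, msgid=<1@spam.example>, proto=ESMTP, daemon=MTA, relay=host.spam.example [203.0.113.7]
Jun 26 06:30:02 mx sm-mta[102]: s5QDU1aa000101: s5QDU2aa000102: DSN: User unknown
Jun 26 07:00:00 mx sm-mta[201]: s5QE00aa000201: from=<www@mydomain.example>, size=900, class=0, nrcpts=1, msgid=<2@mydomain.example>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Jun 26 07:10:00 mx sm-mta[301]: s5QEA0aa000301: from=<b@spam.example>, size=1800, class=0, nrcpts=1, msgid=<3@spam.example>, proto=ESMTP, daemon=MTA, relay=[198.51.100.9]
""".splitlines()

if __name__ == "__main__":
    print(classify_queue(["s5QDU2aa000102", "s5QEA0aa000301"], SAMPLE_LOG))
```

A "backscatter" verdict also names the outside relay that handed over the original message, which is the address to consider for a REJECT entry in /etc/mail/access.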