We have a mailbox that receives thousands of bounces from spam messages a day (for 2 weeks now).
The spam is sent with the From and Reply-To address of our mailbox in the headers. The spam is mostly sent to AOL and Yahoo addresses. We set up the SPF record already with ~all and I changed it 2 weeks ago to -all.
Received: from localhost (localhost.localdomain [127.0.0.1]) by my.mailserver.com (Postfix) with ESMTP id DD45CAC5A1 for <[email protected]>; Mon, 3 Apr 2017 11:17:37 +0200 (CEST)
X-Spam-Flag: NO
X-Spam-Score: -2.898
X-Spam-Level:
X-Spam-Status: No, score=-2.898 tagged_above=-5 required=6.31 tests=[ALL_TRUSTED=-1, BAYES_00=-1.9, HTML_MESSAGE=0.001, URIBL_BLOCKED=0.001] autolearn=ham
Received: from my.mailserver.com ([127.0.0.1]) by localhost (my.mailserver.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id O1fVwS1XHyh8 for <[email protected]>; Mon, 3 Apr 2017 11:17:37 +0200 (CEST)
Received: from galadevelopers.com (ip-203-124-105-72.ip.secureserver.net [203.124.105.72]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by my.mailserver.com (Postfix) with ESMTPSA id C0C47AC59F for <[email protected]>; Mon, 3 Apr 2017 11:17:36 +0200 (CEST)
Date: Mon, 3 Apr 2017 09:17:34 +0000
To: [email protected]
From: Florence <[email protected]>
Reply-To: Florence <[email protected]>
Subject: See you every day at work
Message-ID: <[email protected]>
X-Mailer: PHPMailer 5.2.14 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1_4c86072817afbfc8e1af7586638808ff"
Content-Transfer-Encoding: 8bit
([email protected] = our mailbox that receives the spam bounces) (my.mailserver.com = our mail server that receives the bounces (but didn't send the spam)) ([email protected] = the initial receiver of the spam)
It looks like the spam is sent from hacked websites/webservers because there is an X-Mailer 'PHPMailer' header.
I know that anyone can spoof the headers and send spam using our email address as sender.
Is there anything I can do about this to stop the flooding of the mailbox? Can I reject these bounces? Or delete them right away?
I'm working with Postfix.
Edit: is it possible that my mail server receives the bounce and tries to send it again?
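Added example (not from the question or from any answer): a small Python check that walks the Received chain of the headers quoted above and reports which hop the local server recorded as an authenticated submission (Postfix writes ESMTPA/ESMTPSA, per RFC 3848, only when the client passed SASL authentication), which separates mail relayed through one's own server from mail that merely spoofs the From address. The addresses are placeholders; the host names, IP and queue ids are the ones from the quoted headers.

```python
import re
from email import message_from_string

# Constructed sample modelled on the headers in the question; addresses are placeholders.
SAMPLE = """\
Received: from localhost (localhost.localdomain [127.0.0.1])
 by my.mailserver.com (Postfix) with ESMTP id DD45CAC5A1
 for <bounces@example.com>; Mon, 3 Apr 2017 11:17:37 +0200 (CEST)
Received: from my.mailserver.com ([127.0.0.1]) by localhost
 (my.mailserver.com [127.0.0.1]) (amavisd-new, port 10024)
 with LMTP id O1fVwS1XHyh8 for <bounces@example.com>; Mon, 3 Apr 2017 11:17:37 +0200 (CEST)
Received: from galadevelopers.com (ip-203-124-105-72.ip.secureserver.net [203.124.105.72])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by my.mailserver.com (Postfix) with ESMTPSA id C0C47AC59F
 for <victim@example.net>; Mon, 3 Apr 2017 11:17:36 +0200 (CEST)
From: Florence <bounces@example.com>
Subject: See you every day at work

body
"""

# "from <helo> ... by <host> ... with <protocol> [id <queue-id>]" as Postfix writes it.
RECEIVED_RE = re.compile(
    r"^from (?P<helo>\S+).*?\bby (?P<by>\S+).*?\bwith (?P<proto>\S+)(?: id (?P<id>\S+))?"
)
# RFC 3848 protocol names that mean the sending client authenticated (SASL).
AUTHENTICATED = {"ESMTPA", "ESMTPSA"}


def parse_received(header):
    """Unfold one Received header and pull out helo, client IP, receiving host, protocol, id."""
    text = " ".join(header.split())
    m = RECEIVED_RE.match(text)
    if not m:
        return None
    ip = re.search(r"\[([\d.]+)\]", text[: m.start("by")])  # IP in the client's parenthesis
    return {"helo": m["helo"], "ip": ip.group(1) if ip else None,
            "by": m["by"], "proto": m["proto"].upper(), "id": m["id"]}


def received_hops(raw):
    """All parseable Received hops, top (most recent) first."""
    msg = message_from_string(raw)
    return [h for h in map(parse_received, msg.get_all("Received", [])) if h]


def authenticated_hops(raw, our_host):
    """Hops where OUR server accepted the message from a SASL-authenticated client."""
    return [h for h in received_hops(raw)
            if h["by"] == our_host and h["proto"] in AUTHENTICATED]
```

For the quoted headers this reports the galadevelopers.com hop, so the message entered my.mailserver.com through an authenticated session rather than from an unrelated spoofing host.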