Prev: postfix as forwarder and backscatterer problem
Next: postfix as forwarder and backscatterer problem
From: "N. Yaakov Ziskind" on 22 Jul 2010 11:18
Sometimes the downstream MX has a 'special cookbook' of super secret
anti-spam body checks, and you will always have this problem.

Vasya Pupkin wrote (on Thu, Jul 22, 2010 at 06:37:26PM +0400):
> It is already as restrictive as possible and acceptable for me. I do
> not want to loose any non-spam mail as well, so I am not going insane
> adding network block based rbl domains, but I am using most reliable
> rbl domains, including zen.spamhaus.org, bl.spamcop.net,
> cbl.abuseat.org, b.barracudacentral.org, and some more, and some
> Postfix internal check including reject_non_fqdn_sender,
> reject_non_fqdn_recipient, reject_unknown_sender_domain, and some
> more.
>
> On Thu, Jul 22, 2010 at 6:28 PM, Mikael Bak <mikael(a)t-online.hu> wrote:
> > Vasya Pupkin wrote:
> >> Hello.
> >>
> >> First, I have spent two days reading articles and searching web for
> >> solution but failed there. I am using postfix as an mx for my domains,
> >> it accpets mail for different addresses withing my domains which is
> >> then forwarded to other external domains, i.e. google.com and other
> >> mail services. Mail for unknown users is rejected, many other check
> >> are performed, but still sometimes my system acts as a backscatterer
> >> when something like this happens:
> >>
> >> 1. Incoming mail passes all tests, it's coming to one of the addresses
> >> within my domain, i.e. existing-user(a)mydomain.tld
> >> 2. Postfix then forwards mail to external domain, i.e. myemail(a)mailservice.tld
> >> 3. For some reason mailservice.tld rejects this mail, i.e. it doesn't
> >> like it's content or size.
> >> 4. Postfix then bounces mail to sender, which can be forged, and thus,
> >> becoming a backscatterer.
> >>
> >> Is there any way to prevent postfix from sending bounces anywhere?
> >
> > Hi Vasya,
> >
> > To be sure to not acting as a backscatter you will have to configure the
> > front mx to be as restrictive regarding content and mail sizes as the
> > final destination is. Otherwise you will see problems like the theese.
> >
> > HTH,
> > Mikael
> >
> >

--
_________________________________________
Nachman Yaakov Ziskind, FSPA, LLM awacs(a)ziskind.us
Attorney and Counselor-at-Law http://ziskind.us
Economic Group Pension Services http://egps.com
Actuaries and Employee Benefit Consultants

From: Eray Aslan on 22 Jul 2010 11:29
On Thu, Jul 22, 2010 at 06:52:22PM +0400, Vasya Pupkin wrote:
> You of course understand that this is not possible, right?

Yes, I am sure he does. That was sarcasm. Anyway,

If the amount of backscatter is small, do not change behaviour. But
accept the fact that (prepare for) you might get blacklisted in the
future.

If that is not acceptable, stop forwarding mail to domains that you do
not control.

In any case, preventing bounces is not a good solution. You will be doing
a disservice to your customers.

Please do not top-post.

--
Eray

From: Mark Goodge on 22 Jul 2010 11:54
On 22/07/2010 16:29, Eray Aslan wrote:
> On Thu, Jul 22, 2010 at 06:52:22PM +04
>
> If the amount of backscatter is small, do not change behaviour. But
> accept the fact that (prepare for) you might get blacklisted in the
> future.
>
> If that is not acceptable, stop forwarding mail to domains that you do
> not control.
>
> In any case, preventing bounces is not a good solution. You will be doing
> a disservice to your customers.

Eray makes some good points here. But I think this is worth amplifying
and restating.

"Backscatter" does not mean the same thing as "bounce messages". What it
means is "incorrectly routed bounce messages" - that is, bounces which
go to people who have had their email address forged by spammers, rather
than bounces which go back to the person who actually sent the email.

Some bounce messages are unavoidable, and necessary. They are an
integral part of the way that email works. So, if you find yourself in a
situation where you need to send bounce messages, then you should send
them. That means being prepared to take the risk of sending a small
amount of backscatter occasionally. The important thing is to minimise
the number of times when bounces are necessary, rather than trying to
eliminate even the necessary ones. You can do that by means of several
tried and tested methods, such as recipient verification. It isn't
necessary to prevent every bounce, merely to reduce their numbers to
trivial levels.

In particular, if a bounce is caused by a downstream MTA rejecting an
email because it's too large, then that's an unavoidable bounce. But
it's also unlikely to be backscatter, because most spam is fairly small
and rarely gets trapped by size filters. Size-related rejections are
almost always caused by real, live humans sending their friends and
colleagues unnecessarily large files. So these senders need to see the
bounce, in order to learn the error of their ways :-) It isn't helping
anyone if such bounces are suppressed rather than passed on.

Mark
--
http://mark.goodge.co.uk

From: Vasya Pupkin on 22 Jul 2010 12:02
I'm my own only customer. And I understand risks of disabling bounce
feature. I understand that someone will not get a notification if his
email will not be delivered to me, but I can live with it.

On Thu, Jul 22, 2010 at 7:29 PM, Eray Aslan <eray.aslan(a)caf.com.tr> wrote:
> On Thu, Jul 22, 2010 at 06:52:22PM +0400, Vasya Pupkin wrote:
>> You of course understand that this is not possible, right?
>
> Yes, I am sure he does.  That was sarcasm.  Anyway,
>
> If the amount of backscatter is small, do not change behaviour.  But
> accept the fact that (prepare for) you might get blacklisted in the
> future.
>
> If that is not acceptable, stop forwarding mail to domains that you do
> not control.
>
> In any case, preventing bounces is not a good solution.  You will be doing
> a disservice to your customers.
>
> Please do not top-post.
>
> --
> Eray
>

From: Vasya Pupkin on 22 Jul 2010 12:06
> In particular, if a bounce is caused by a downstream MTA rejecting
> an email because it's too large, then that's an unavoidable bounce.
> But it's also unlikely to be backscatter

In my case it was one of the most reasons why my server acted as a
backscatterer.

First  |  Prev  |  Next  |  Last
Pages: 1 2 3 4
Prev: postfix as forwarder and backscatterer problem
Next: postfix as forwarder and backscatterer problem