SORBS a PITA on spam backscatter ...

Andrew MacLachlan andy.mac at global-domination.org
Thu Jun 14 01:56:38 IST 2007


Apologies for the reply to my own post, but the following link I just
found on the postfix website might be useful for extracting the
addresses from AD and securely sending to postfix, although it's
specific to exchange 5.5 the ldap code should be easily tweakable

http://www.unixwiz.net/techtips/postfix-exchange-users.html


-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Andrew
MacLachlan
Sent: 13 June 2007 22:31
To: MailScanner discussion
Subject: RE: SORBS a PITA on spam backscatter ...

The problem I can see with this is the customer allowing an inbound LDAP
connection straight through the DMZ to their AD DC - it's not quite best
practice is it...

As an alternative, you could do two things after explaining the problem
to them:
- Block all NDRs from their Exchange Server
- Ask them to supply a properly formatted list of valid recipients
extracted from AD on a regular basis (maybe they could FTP/SCP it to you
a few times a day).

-Andy 

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason
Ede
Sent: 13 June 2007 21:42
To: MailScanner discussion
Subject: RE: SORBS a PITA on spam backscatter ...

There are ways, using LDAP lookups, of checking for valid addresses on
the MS box... If you search for MailScanner Exchange and LDAP on google
it brings up a few howtos.

I've had some success of checking for NDR bounces and then if the
destination address is not one of ours then just flag the email as
SPAM...

Mind you its probably simpler to use the LDAP lookup to block illegal
addresses at the MTA level and just leave it at that.

Jason

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Garry
Glendown
Sent: 13 June 2007 19:28
To: MailScanner discussion
Subject: OT: SORBS a PITA on spam backscatter ...

Sorry, this is most likely somewhat off topic, but maybe I could get
some suggestions ...

One of our customers was hit by a presumably larger amount of spam
mails, addressed to mail addresses collected somehow, but with errors in
the addresses (first part of the mail address duplicated, like
"johnjohn at do.main" instead of "john at do.main"). They are operating a
multi-level mail service, with MS on our side, delivering to an SMTP
proxy, then over through a virus scanner, and finally to the actual mail
server (M$ Exchange). Mails are accepted, even by the Exchange server,
which in turn generates a non-delivery receipt for wrong addresses.

For outgoing mail, our central mail server is the smarthost. Which in
turn got listed on SORBS for delivering spam backscatter ... great. As
far as I see it, delivering the mails, which in themselves are generated
in compliance with RFCs, is fully legitimate.

What should we do? We get complaints due to the fact that certain mails
sent from other customers are being blocked on recipient mailservers due
to our server being SORBS-listed ...

I personally do not see any way of identifying whether such a receipt
(if I'm able to even decide that it is a non-delivery receipt) is for
legitimate mails that couldn't be delivered, or for spam.

Any suggestions?

tnx, -garry

--
Orwell war ein Optimist
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

--
This message was scanned by ESVA and is believed to be clean.
Click here to report this message as spam. 
http://mail-gw.global-domination.org/cgi-bin/learn-msg.cgi?id=0D21228223
.81EAB





--
This message was scanned by ESVA and is believed to be clean.

-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 



--
This message was scanned by ESVA and is believed to be clean.



More information about the MailScanner mailing list