Weird Problem with MailScanner

Kevin Miller Kevin_Miller at ci.juneau.ak.us
Mon Oct 22 20:00:12 IST 2007


Damian Rivas wrote:
> I have sendmail, not postfix as my MTA. I've been checking and I have
> to download some packages like access_db to prevent Backscattering. 
> 
> I'll explain how things work here so that you can give me more
> accurate advice: 
> 
> I have a MX Linux server on the outside which is the one
> experiencing the weird problem, caused surely by the backscattering.
> Then, I have an internal MS Exchange 2003 server which receives the
> filtered and scanned mails and sends the mails via SMTP to the MX
> Linux Server to be scanned before being sent.
> 
> I can activate SMTP filtering in Exchange but the problem is that it
> checks the contacts in AD, if I don't have that contact it doesn't
> send the mail. Why is it a problem? As I stated before, this is a
> Travel Agency and is constantly receiving mails from new hotels,
> airlines, agencies, etc. With "new" I mean that they were unknown
> contacts until the reception of their mail, therefore their domain is
> not identified as a trusted or real one. So, if I use the MS Exchange
> filtering this will likely block the answers to these new domains.
> 
> So the filtering, in my opinion should be done only in the
> MailScanner server, the thing is that I want to know which is your
> recommendation to build the filtering on sendmail and if there can be
> a solution with the MS Exchange filtering, perhaps I misunderstood
> the documentation.    

Hi Damian,

I don't understand your problem with contacts above.  Is it Exchange or
MailScanner that is not trusting the new domain and blocking it?  What
rule does that?  Guess I'm not doing smtp filtering in Exchange.  That's
what MailScanner is for. <g>

I'm set up in a similar manner here, with an Exchange 2003 server on the
inside and MailScanner gateways doing the filtering.  New people are
constantly sending to us, and the mail comes in fine.  Replies go out
fine.  

One difference I'm doing is allowing the Exchange server to send
directly rather than route outbound mail through MailScanner.  I'm not
an ISP, so can more or less trust my users not to be spammers.  You may
or may not have that luxury.  But if you can do that, it will reduce the
load on your MailScanner server.

There's a couple things I'd do on the sendmail side if you haven't
already.  One is to activate the greet pause feature.  Put this line in
your sendmail.mc file (or enable it if it's already there by removing
the dnl at the beginning of the line), then rebuild your sendmail.cf
file.

  FEATURE(`greet_pause',  `10000')dnl

What it does, is tell the sending server to wait for 10 seconds.
Spammers usually won't wait and just drop the connection.  Legitimate
servers will.  You can whitelist servers to not be greetpaused in your
access file (/etc/mail/access).  For example the following entries will
cause connections from google.com and connections from the ip range
192.168.1.x to be accepted w/o delay.  You'd typically put your own IP
range in there, and any legitimate mail servers/domains that have a
problem.  Beyond a couple entries early on I haven't had any trouble
with it.  

  GreetPause:192.168.1    0
  GreetPause:google.com   0

I'm also using a couple of milters: smf-sav and smf-spf (see
http://smfs.sourceforge.net/smf-sav.html).  Those are quite useful.  You
should set up spf records in your dns, then add the smf-spf milter to
your sendmail.  Then smf-sav will be particularly useful in that it does
both sender and recipient verification.  You will have to whitelist some
domains if you use sender verification but I haven't found it
problematic.

You'll have to tweak your Exchange server to filter out messages for
non-existing users.
Instructions here: 
  http://www.fsl.com/support/Milter-Ahead-Exchange-Settings.pdf

These things will let you block a lot of spam at the MTA level - that
is, sendmail will drop the connection before anything is passed to
MailScanner, thus saving a lot of CPU cycles.

Hope this helps...

...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907) 586-4500
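
An added example, not part of the original post: one way to find senders that greet_pause keeps rejecting and that have no zero-delay GreetPause entry yet, so an admin can decide whether to whitelist them. The sample access entries and log lines are constructed, and the log wording matched by `REJECT` is an assumption about sendmail's greet_pause message; check it against your own maillog.

```python
import re
from collections import Counter

# Constructed sample data, not taken from the post. The log wording is an
# assumption about sendmail's greet_pause message; adjust REJECT to your logs.
ACCESS = "GreetPause:192.168.1    0\nGreetPause:google.com   0\n"
MSG = "Oct 22 10:00:00 mx sendmail[2101]: l9MA01: rejecting commands from {} due to pre-greeting traffic"
PEERS = ["mail.example.net [203.0.113.7]"] * 3 + ["[198.51.100.23] [198.51.100.23]"] \
    + ["smtp.google.com [192.0.2.10]", "relay.lan [192.168.1.20]"] * 2
MAILLOG = "\n".join(MSG.format(p) for p in PEERS) \
    + "\nOct 22 10:00:05 mx sendmail[2107]: l9MA07: from=<a@example.org>, size=1200"

REJECT = re.compile(r"rejecting commands from (\S+) \[([\d.]+)\] due to pre-greeting traffic")

def exempt_keys(access_text):
    """Return the GreetPause keys whose delay is 0 (no pause applied)."""
    keys = set()
    for line in access_text.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0].startswith("GreetPause:") and fields[1] == "0":
            keys.add(fields[0][len("GreetPause:"):].lower())
    return keys

def is_exempt(host, ip, keys):
    """Match on whole IP octets or whole domain labels, never on substrings."""
    octets = ip.split(".")
    prefixes = {".".join(octets[:n]) for n in range(1, 5)}
    suffixes = set()
    if not host.startswith("["):          # unresolved peers are logged as [ip]
        labels = host.lower().split(".")
        suffixes = {".".join(labels[n:]) for n in range(len(labels))}
    return bool(keys & (prefixes | suffixes))

def rejected_senders(log_text, access_text, min_hits=2):
    """Senders rejected at least min_hits times with no zero-delay entry."""
    keys = exempt_keys(access_text)
    matches = (REJECT.search(line) for line in log_text.splitlines())
    hits = Counter(m.groups() for m in matches if m)
    return sorted(((n, host, ip) for (host, ip), n in hits.items()
                   if n >= min_hits and not is_exempt(host, ip, keys)), reverse=True)

if __name__ == "__main__":
    for count, host, ip in rejected_senders(MAILLOG, ACCESS):
        print(f"{count:4d}  {host}  {ip}")
```

A sender that shows up here repeatedly and is a known correspondent is a candidate for a `GreetPause:` entry with delay 0; one-off rejections from unresolved addresses are what the pause is meant to drop.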

