preventing backscatter at the source

Mark Sapiro mark at msapiro.net
Fri Mar 28 20:23:17 GMT 2008


Mark Nienberg wrote:

>The solutions discussed in the "backscatter problem" thread are all about preventing 
>delivery of backscatter to our users.  Does anyone have information on preventing my 
>mail server from generating backscatter in the first place?  I'd like to avoid 
>sending bounce messages to innocent victims of address spoofing.
>
>One thought I had was checking SPF records before sending a DSN, but I'm not sure if 
>milter-SPF could do this as it is not the normal sequence.
>
>The headers below show that Google sends DSNs to addresses it knows are spoofed.  Can 
>I do better?


There is a long thread that touches on these issues on the
Mailman-Developers list. See the "before next release: disable
backscatter in default installation" thread at
<http://mail.python.org/pipermail/mailman-developers/2008-March/thread.html>.

Some people do advocate checking SPF before returning a DSN, but this
will suppress some legitimate DSNs, and in any case, my question is
"how do I set it up?"

Here's the particular scenario that I am concerned about. I have a
number of forwarding aliases on my server. At least one of the targets
of these has a very aggressive content filter at SMTP time. So, I
(Postfix) receive mail for s at example.com, scan it with MailScanner and
it passes, and I attempt to deliver it to y at example.net. example.net
rejects the message with "550 5.7.1 Requested action not taken:
message refused (in reply to end of DATA command)". Then Postfix sends
a DSN to the possibly innocent 3rd party envelope sender of the
original mail.

So currently, MailScanner doesn't scan the DSN that Postfix sends
because it doesn't scan locally generated mail, but I could easily
change that, but does anyone know or have recommendations for what
specific rules and/or actions I should apply to this DSN?

Postfix 2.3.3
MailScanner 4.68.3
ClamAV 0.92.1
SpamAssassin 3.2.4

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
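
The SPF-before-DSN idea raised in this thread, sketched as an added example that is not part of the original post and is not Postfix or MailScanner code. It assumes the DSN returns the original headers, that the receiving server recorded a Received-SPF header at SMTP time, and the function names and the 'deliver'/'hold' labels are hypothetical.

```python
import email
from email import policy

def dsn_decision(raw_dsn, send_on=("pass",)):
    """Return 'deliver' or 'hold' for a locally generated DSN."""
    msg = email.message_from_string(raw_dsn, policy=policy.default)
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "delivery-status"):
        return "deliver"                      # not a DSN, out of scope here
    orig = None
    for part in msg.iter_parts():
        ctype = part.get_content_type()
        if ctype == "text/rfc822-headers":    # DSN returned headers only
            orig = email.message_from_string(part.get_content(),
                                             policy=policy.default)
        elif ctype == "message/rfc822":       # DSN returned the full message
            orig = part.get_payload(0)
    if orig is None:
        return "hold"                         # nothing to judge the sender by
    # Assumption: the topmost Received-SPF header was added by our own server
    # at SMTP time; get() returns the first (topmost) occurrence.
    words = str(orig.get("Received-SPF", "none")).split()
    result = words[0].lower() if words else "none"
    return "deliver" if result in send_on else "hold"

def sample_dsn(spf_result):
    """Constructed sample bounce for the forwarding scenario in the post."""
    return "\n".join([
        "From: MAILER-DAEMON@mail.example.com",
        "To: s-sender@example.org",
        "Subject: Undelivered Mail Returned to Sender",
        "MIME-Version: 1.0",
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"',
        "", "--b1", "Content-Type: text/plain", "",
        "Delivery to y@example.net failed: 550 5.7.1 message refused", "",
        "--b1", "Content-Type: message/delivery-status", "",
        "Reporting-MTA: dns; mail.example.com", "",
        "Final-Recipient: rfc822; y@example.net", "Action: failed",
        "Status: 5.7.1", "",
        "--b1", "Content-Type: text/rfc822-headers", "",
        "Received-SPF: %s (constructed sample)" % spf_result,
        "Return-Path: <s-sender@example.org>", "Subject: hello", "",
        "--b1--", ""])
```

With the default `send_on=("pass",)`, a bounce for a sender whose domain publishes no SPF record (result `none`) is held as well, which is the loss of legitimate DSNs mentioned above; widening `send_on` trades that for more backscatter.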


