preventing backscatter at the source
Mark Sapiro
mark at msapiro.net
Sat Mar 29 00:29:42 GMT 2008
On Fri, Mar 28, 2008 at 05:07:40PM -0700, Mark Nienberg wrote:
> Steve Freegard wrote:
>
> >2) Don't run a secondary MX unless it is configured to reject exactly
> >as the primary.
> >A secondary MX delivering to the primary MX which does an SMTP rejection
> >will cause the secondary MX to 'bounce' the message which is backscatter.
>
> Uh oh, this is a bit harder. I have my ISP functioning as my secondary MX,
> so it really isn't under my control. I guess I could ask them if they use
> milter-ahead or some other method.
The anti-backscatter militants will tell you you just can't have a
backup MX unless it always has access to your user database. Since
mail never goes to your backup unless your primary is down, there's
no way the backup can call forward to the primary to validate an
address. But, the bright side of this is you are just rejecting the
backup's mail at SMTP time, so the backscatter DSN is the ISP's
problem ;)
> >4) Only send MailScanner notices to the recipient and not the sender.
>
> I think I am notifying senders of blocked filenames and filetypes and
> password protected zip files. Maybe this is a throwback to more innocent
> times. Should I turn these off and never ever notify a sender?
That's what I do.
--
Mark Sapiro mark at msapiro net The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the MailScanner
mailing list