OT: Sendmail REJECT or DISCARD preference

Koopmann, Jan-Peter jan-peter at koopmann.eu
Mon Mar 31 17:04:00 IST 2008


Not sure I understand what you mean.

> > There's something seriously wrong with your mailserver if this is
> > happening.

Agreed. :-)

> This is how it works:
> 
> Someone sends a spoofed spam email to one of my clients the other side
> of my mailscanner, but they get the address wrong.

Happens every day.

> The mailer daemon on the client server rejects the email, (I am the
> postmaster for my clients Linux server) with user unknown,

What does the postmaster have to do with this?

> -- But the address is spoofed so it goes back to the wrong person
(back
> scatter), 

This is where you go wrong. Your system is not sending any e-mail. It is
simply refusing to accept the mail in the first place so you systems do
not produce any sort of NDA. Therefore your addresses are not visible in
any NDR. It is the delivering MTA that has to deal with your refusal to
accept the mail.

> The mail system rejects the back scatter for various reasons
> (user known mailbox full etc etc etc) 

In a perfect world there should not be backscatter here in the first
place. Why did the mail system (the sender's mail system) accept the
spoofed spam message in the first place? But let's just accept that the
world is not perfect.

> so this bounce comes back to the
> postmaster of the client machine 

What client are we talking about? The client with the spoofed e-mail
address? This client is naturally receiving an NDR unless you use
something like BarricadeMX or Mailscanner watermarking. But there is
nothing you can really do about it. Even if you DISCARD instead of
reject the client will receive backscatter from everybody else. And
again: You did not send the backscatter. It is the MTA trying to deliver
the mail to you.

> which goes to my postmaster mailbox.
> 
> If I simply DISCARD the email at the mailscanner the process is
stopped
> completely.

There are two things you stop with this:
1. That the delivering MTA is producing a NDR to the spoofed address in
case of spam. Yes that is nice of you to do so but frankly it will not
help since most other people will still create NDRs.
2. You stop perfectly valid NDRs from happening in case someone is
writing a legit e-mail but gets the recipient wrong. This is something I
would not be willing to accept for the domains I am responsible for.

> If the mailer daemon REJECTS the message on the mailscanner or the
> client server,  I get it in the postmaster mailbox as per the reason
> above because I am also the postmaster there as well...

I obviously do not get it. Can you please provide a real world example
telling us where a mail originates, what MTA is doing what etc.? Because
"client server", "the mail system" etc. is not really helpful in this
scenario.

I agree with the others: There is no reason I can currently think of
(even after having read your mail) why a REJECT should bounce back to
you...

> So DISCARD is the best way forward.

Whatever you like. I happen to disagree and would prefer REJECT for
several reasons already stated in other postings.


Kind regards,
  JP


More information about the MailScanner mailing list