OT: Sendmail REJECT or DISCARD preference

Mon Mar 31 19:26:41 IST 2008

Koopmann, Jan-Peter wrote:
> Not sure I understand what you mean.
>
>   
>>> There's something seriously wrong with your mailserver if this is
>>> happening.
>>>       
>
> Agreed. :-)
>
>   
>> This is how it works:
>>
>> Someone sends a spoofed spam email to one of my clients the other side
>> of my mailscanner, but they get the address wrong.
>>     
>
> Happens every day.
>
>   
>> The mailer daemon on the client server rejects the email, (I am the
>> postmaster for my clients Linux server) with user unknown,
>>     
>
> What does the postmaster have to do with this?
>
>   
>> -- But the address is spoofed so it goes back to the wrong person
>>     
> (back
>   
>> scatter), 
>>     
>
> This is where you go wrong. Your system is not sending any e-mail. It is
> simply refusing to accept the mail in the first place so you systems do
> not produce any sort of NDA. Therefore your addresses are not visible in
> any NDR. It is the delivering MTA that has to deal with your refusal to
> accept the mail.
>
>   
>> The mail system rejects the back scatter for various reasons
>> (user known mailbox full etc etc etc) 
>>     
>
> In a perfect world there should not be backscatter here in the first
> place. Why did the mail system (the sender's mail system) accept the
> spoofed spam message in the first place? But let's just accept that the
> world is not perfect.
>
>   
>> so this bounce comes back to the
>> postmaster of the client machine 
>>     
>
> What client are we talking about? The client with the spoofed e-mail
> address? This client is naturally receiving an NDR unless you use
> something like BarricadeMX or Mailscanner watermarking. But there is
> nothing you can really do about it. Even if you DISCARD instead of
> reject the client will receive backscatter from everybody else. And
> again: You did not send the backscatter. It is the MTA trying to deliver
> the mail to you.
>
>   
>> which goes to my postmaster mailbox.
>>
>> If I simply DISCARD the email at the mailscanner the process is
>>     
> stopped
>   
>> completely.
>>     
>
> There are two things you stop with this:
> 1. That the delivering MTA is producing a NDR to the spoofed address in
> case of spam. Yes that is nice of you to do so but frankly it will not
> help since most other people will still create NDRs.
> 2. You stop perfectly valid NDRs from happening in case someone is
> writing a legit e-mail but gets the recipient wrong. This is something I
> would not be willing to accept for the domains I am responsible for.
>
>   
>> If the mailer daemon REJECTS the message on the mailscanner or the
>> client server,  I get it in the postmaster mailbox as per the reason
>> above because I am also the postmaster there as well...
>>     
>
> I obviously do not get it. Can you please provide a real world example
> telling us where a mail originates, what MTA is doing what etc.? Because
> "client server", "the mail system" etc. is not really helpful in this
> scenario.
>
> I agree with the others: There is no reason I can currently think of
> (even after having read your mail) why a REJECT should bounce back to
> you...
>
>   
>> So DISCARD is the best way forward.
>>     
>
> Whatever you like. I happen to disagree and would prefer REJECT for
> several reasons already stated in other postings.
>
>
> Kind regards,
>   JP
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>   
 >> client is the company I am sending mail onto who use my services...

So there is *nothing* wrong with this configuration at all....

So I'll carry on doing a discard thanks,

P.