OT: extraordinary amount of spam to one domain

Jason Ede J.Ede at birchenallhowden.co.uk
Wed Dec 23 07:08:01 GMT 2009


> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steve Freegard
> Sent: 23 December 2009 00:40
> To: MailScanner discussion
> Subject: Re: OT: extraordinary amount of spam to one domain
> 
> On 22/12/09 20:40, Jeff Mills wrote:
> > No they don't exist, but I'm not doing recipient checking because the
> > server is not on the same site as exchange and don't want to increase
> > traffic by recipient checking 50 odd domains.
> > At my old job, I used to pull the addresses from active directory
> > into a recipient file for postfix. That worked very well, but that was
> > on the same site.
> 
> Everyone should do recipient checking if they are running a gateway
> (e.g. the mail is being relayed to a mailbox server) otherwise you can
> easily become a source of backscatter.
> 
> To prove a point - I just telnetted to one of your MXes and sent a MAIL
> FROM: a domain that I own (but I could have picked any domain) with a
> RCPT TO: a random string @ your domain.
> 
> Attached is what I got back.
> 
> Imagine if instead I deliberately used MAIL FROM:'s that I knew were
> valid addresses with a spam payload in the body....
> 
> Now imagine what your server is doing with that new domain you are
> telling us about that is really hammering your server.  As you're not
> doing recipient verification - it's sending thousands of DSNs to
> innocent users for any stuff that slips through where the MAIL FROM: is
> forged and the recipient does not exist at the destination...
> 
> This is why recipient verification isn't optional.  It's required if
> you want to be a good SMTP netizen and avoid getting listed on certain
> blacklists (e.g. backscatterer.org) because you've been used to send
> spam.
> 
> Not having the gateway on the same site as the mailbox server isn't a
> problem - Postfix can store verification results in a cache file to
> prevent lookups to the same address.  I've frequently set up hosts that
> do verification to domains all over the planet - it's not a problem.
> See
> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:reject_non_existent_users#using_smtp_recipient_verification
> for the simple instructions on how to set it up.
> 
> Kind regards,
> Steve.

Yes, use recipient verification. It makes a massive difference to the load levels on your MS box. We set it up and it saves so much hassle. Why accept mail that you can't deliver or that will just be bounced with an NDR, creating more spam in the system?

Postfix uses the addresses in your transports file to check servers for addresses, and you can configure how often it checks or keeps valid/non-valid addresses in its cache. We currently use a btree file for verifications.
After looking at the link Steve posted, for configuring it further look at http://www.postfix.org/verify.8.html

Jason
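
An added example, not part of the original thread: a way to measure the backscatter described above from a gateway's own mail log, by linking each message the mailbox server refused to the non-delivery notification Postfix then sent out. It assumes the standard Postfix syslog line format; the sample log, hostnames, queue IDs, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed, abbreviated sample log (hosts, queue IDs and addresses are made up).
SAMPLE_LOG = """\
Dec 22 20:41:03 gw postfix/smtp[2101]: A1B2C3D4: to=<qwerty@customer.example>, relay=exchange.customer.example[192.0.2.10]:25, dsn=5.1.1, status=bounced (host exchange.customer.example[192.0.2.10] said: 550 5.1.1 User unknown)
Dec 22 20:41:03 gw postfix/bounce[2110]: A1B2C3D4: sender non-delivery notification: E5F6A7B8
Dec 22 20:41:05 gw postfix/smtp[2102]: E5F6A7B8: to=<alice@thirdparty.example>, relay=mx.thirdparty.example[198.51.100.5]:25, dsn=2.0.0, status=sent (250 OK)
Dec 22 20:41:09 gw postfix/smtp[2103]: 0A1B2C3D: to=<bob@customer.example>, relay=exchange.customer.example[192.0.2.10]:25, dsn=2.0.0, status=sent (250 OK)
Dec 22 20:42:11 gw postfix/smtp[2104]: 1C2D3E4F: to=<zzz123@customer.example>, relay=exchange.customer.example[192.0.2.10]:25, dsn=5.1.1, status=bounced (host exchange.customer.example[192.0.2.10] said: 550 5.1.1 User unknown)
Dec 22 20:42:11 gw postfix/bounce[2111]: 1C2D3E4F: sender non-delivery notification: 9F8E7D6C
Dec 22 20:42:14 gw postfix/smtp[2105]: 9F8E7D6C: to=<carol@other.example>, relay=mx.other.example[203.0.113.7]:25, dsn=2.0.0, status=sent (250 OK)
"""

ENTRY = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)")
DELIVERY = re.compile(r"to=<([^>]*)>.*\bstatus=(\w+)")
NDR = re.compile(r"sender non-delivery notification: ([0-9A-F]+)")

def find_backscatter(log_text, relay_domains):
    """Return (refused_recipient, dsn_recipient) pairs; relay_domains = domains this gateway relays for."""
    bounced = {}   # queue ID of an accepted message -> recipient the mailbox server refused
    dsn_for = {}   # queue ID of the generated DSN -> that refused recipient
    pairs = []
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        d = DELIVERY.search(rest)
        if daemon == "smtp" and d:
            rcpt, status = d.groups()
            domain = rcpt.rpartition("@")[2].lower()
            if status == "bounced" and domain in relay_domains:
                bounced[qid] = rcpt                  # accepted at the gateway, refused downstream
            elif status == "sent" and qid in dsn_for:
                pairs.append((dsn_for[qid], rcpt))   # the DSN reached the (possibly forged) sender
        elif daemon == "bounce" and qid in bounced and (n := NDR.search(rest)):
            dsn_for[n.group(1)] = bounced[qid]
    return pairs

def targets_by_domain(pairs):
    """Count delivered DSNs per receiving domain."""
    return Counter(rcpt.rpartition("@")[2].lower() for _, rcpt in pairs)

if __name__ == "__main__":
    hits = find_backscatter(SAMPLE_LOG, {"customer.example"})
    for refused, dsn_rcpt in hits:
        print(f"DSN for unknown recipient {refused} delivered to {dsn_rcpt}")
    print(targets_by_domain(hits).most_common())
```

With recipient verification in place the unknown recipients are rejected at RCPT TO, so the gateway never generates these notifications and the pair list for a relayed domain should stay empty.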

