mouss schrieb:
Robert McQueen wrote:
Our mail system has many addresses which we accept and forward to our
users' addresses on other systems (ie, domain.com is a virtual alias
domain, and we forward [EMAIL PROTECTED] to [EMAIL PROTECTED], or whatever).
We use both reject_unverified_sender and reject_unverified_recipient to
check that the envelope from/to addressed are valid, so we never
generate the "obvious" backscatter where you're an naive MX that accepts
mail for a bogus addresses at the final destination, and then generate
bounces when the recipient turns out to be invalid.
However, we're now finding that more and more of our users' final mail
destinations are applying SMTP-time spam filtering, so actually reject
the message we're trying to forward due to it's contents. Because we've
already queued the mail, we then end up generating bogus bounce messages
to the original (obviously forged) senders.
We're now starting to get people reporting us to the likes of SpamCop
for originating backscatter, but in this case I really don't know how we
can avoid it. I've considered things like (in order of preference):
* forwarding the mail whilst the original sender is connected, and
returning any errors to them, so never spooling the mail
* never actually generating and sending bounce /mails/ except to local
users/destinations (who are using us as their smarthost), because we
never accept mail for invalid destinations in any other circumstances
* sending the bounces for the user's forwarders to the user's local
mailbox, rather than the original sender
Unfortunately I don't really know how to do any of them with postfix. I
did have a vague idea of doing some address re-writing, and then
pretending that the remote MX is a content_filter, but this absolutely
terrifies me. Does anyone have any better ideas?
Obviously we can look at deploying our own SMTP-time spam rejection with
content_filter, but that seems to a) pass the problem on to anyone who's
trying to forward mail to us, b) not solve the real issue which is that
we can never have /exactly/ the same definition spam as the systems
we're forwarding to.
Forwarding is problematic since some time now. There is no easy fix, so
- Implement "good" postfix anti-spam measures. In particular, use
zen.spamhaus.org.
- run a spam filter. and only forward when you believe it's not spam
(here, you need to take into account the remote filter, not your user
preferences or tolerance to spam).
- if a user causes more than N bounces, disable forwarding for this user
- you could rate limit mail that you forward.
- if this is all too much, then it's time to ask yourself a question: do
you really need the forwarding functionality? and if yes, can you try to
"reduce" its scope.
ups ( perhaps i missunderstood your problem) , if you only want get out
of normal forwarding problems
you must have good antispamfeatures by yourself
but there may be cases when disable forwarding
is the only way to get out of the problem,
i.e we had some forwards to aol.com mailadresses
and they told us to flag us by forwarding spam to them, the only way out
was stop forwarding
so mouss is absolut right, but whatever you do dont use sender_verify
allaround every income mail, i have trillions of such verify smtp connects
hosting a widly faked domain sometimes this is nearly like dos attack
--
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
