Chris Babcock wrote:
> On Mon, 26 Jan 2009 08:52:00 -0600
> Jim Wright <j...@wrightthisway.com> wrote:
>> On Jan 26, 2009, at 7:41 AM, Paweł Leśniak wrote:
>>> One of our users is getting lots of returned mails because his
>>> email address is used as return-path by spammer(s).
>> I would guess that your system is accepting mail from unknown servers?
>> Start blocking those, and you'll find that these bounces will drop
>> significantly. Hard to tell from your sanitized error report...
> I think the OP already ruled that out.

I'm not sure what I should've ruled out... could you please be more
specific about which statement above you mean?

> The question is whether there is a milter that tracks the message IDs
> of outbound mail so that they can be used to check bounce notices for
> authenticity. That seems to be rather resource intensive, even if the
> regular logs were used... and I don't believe that intermediate hops
> are obligated to keep all of those headers in transit.

I'm not using any BATV solution right now (and I can't find strongly
positive opinions on it in this mailing list's archives). Inside the
message in my original posting there is a Message-ID inside the
enveloped body. So in this particular case it'd be (I think) as simple
as checking the body for a specific Message-ID. But I'm not sure whether
this check won't be the cause of other troubles.

> SPF and DKIM are designed to deal with the joe job issue, but even with
> strict sending policies I don't know the chances that the receiving
> machine will implement either of these policies in a way that deals
> constructively with backscatter.

AFAIK, for SPF and DKIM to help ME, they would have to be used by the
mailserver from which I'm receiving backscatter. And finally it's
backscatter, so if the bouncing mailserver does not take advantage of the
SPF record of my domain, it has no possibility to know whether to bounce
the message or not (of course, as I stated before, the IP of the original
sender (who fakes the return-path) is on Spamhaus' zen RBL, so it could be
rejected by the bouncing server).
So again it comes to my mind that I'm getting backscatter because of
wrong configuration on the other side.
Thank you for the replies.
Regards
Pawel Lesniak
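
The Message-ID check discussed in this thread, sketched as an added example; it is not code from the original message or from any existing milter. The function names, the `SENT_IDS` set (assumed to be built from the outbound mail log) and the sample bounce are hypothetical and constructed for illustration.

```python
import email
import re
from email import policy

MSGID_LINE = re.compile(r"^\s*Message-ID:\s*(<[^<>\s]+>)", re.I | re.M)

def enclosed_message_ids(raw_bounce: bytes) -> set:
    """Message-IDs of the original mail carried inside a bounce."""
    bounce = email.message_from_bytes(raw_bounce, policy=policy.default)
    found = set()
    for part in bounce.walk():
        if part is not bounce and part["Message-ID"]:
            # header of a message/rfc822 attachment (the returned original)
            found.add(str(part["Message-ID"]).strip())
        elif part.get_content_maintype() == "text":
            # text/rfc822-headers, or an original pasted into the text body
            text = part.get_payload(decode=True).decode("utf-8", "replace")
            found.update(MSGID_LINE.findall(text))
    return found

def classify_bounce(raw_bounce: bytes, sent_ids: set) -> str:
    ids = enclosed_message_ids(raw_bounce)
    if not ids:
        return "unverifiable"  # original headers were not returned
    return "genuine" if ids & sent_ids else "backscatter"

# Constructed data: assumed outbound-log IDs and a trimmed DSN returning one.
SENT_IDS = {"<20090126.0001@mail.example.org>"}
SAMPLE_BOUNCE = b"""\
From: MAILER-DAEMON@mx.example.net
Message-ID: <bounce-1@mx.example.net>
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@example.net failed.
--b1
Content-Type: message/rfc822

From: user@example.org
Message-ID: <20090126.0001@mail.example.org>

body
--b1--
"""

if __name__ == "__main__":
    print(classify_bounce(SAMPLE_BOUNCE, SENT_IDS))
```

The "unverifiable" result is kept separate from "backscatter" because, as noted in the thread, a bounce is not guaranteed to carry the original headers back.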