Dennis Carr wrote:
> Looking at options here for eliminating backscatter.
> I've reviewed the Howto for this, but it only seems to be effective
> against backscatter where one's home domain is forged - not too useful,
> IMNSHO, because spammers aren't always going to forge the home domain.
And how do you receive it otherwise?
> One thing I've been looking at doing is basically checking headers, and
> if the From: header is null, then reject it immediately.
Of course this will reject legit bounces, which DO exist. And
why check headers? The From: header in bounces usually has
some form of postmaster, mailer-daemon, or such.
Maybe you're confusing envelope with headers, or maybe you
need to clarify what you're referring to.
Generally it's a poor trade to break the mail system structure
because of a few bad apples. In times of severe stress it's
(mostly) acceptable to reject all bounces, but only as a
temporary measure to keep other mail flowing.
> Another approach is to eliminate my 2ary MX from DNS - most of my spam
> comes from that. I don't really want to do that, though, because the
> idea of a 2ary MX is for a fallback.
Yes, a secondary MX is a spam magnet. Unless you have the
time and resources to keep a secondary locked down as tight or
tighter - including a valid recipient list - than the primary
MX it's not worth the headaches.
> Thoughts?
> -Dennis
We use ips.backscatterer.org to reject bounces from known
backscatter sources. Something like this:
# main.cf
smtpd_data_restrictions =
    check_sender_access regexp:/etc/postfix/backscatter.regexp

# backscatter.regexp
# check null sender bounces
/^<>$/ reject_rbl_client ips.backscatterer.org
Important note: Do NOT use ips.backscatterer.org as a
general-purpose RBL. It *will* reject legit mail.
The above example limits rejects to only mail with the null
sender. This will reject legit bounces from known backscatter
sources, but at least the damage is limited.
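To see why the damage is limited, here is the decision the posted rule makes, modelled in Python as an added illustration (not code from the thread or from Postfix): the RBL lookup only happens when the envelope sender is null, and the lookup name is the client IP with its octets reversed under the zone, which is how reject_rbl_client forms DNSBL queries. The resolver is a constructed stand-in dictionary; only IPv4 clients are handled.

```python
import ipaddress
from typing import Callable, Optional

# Constructed stand-in for DNS. A real DNSBL answers 127.0.0.x for a listed
# address and NXDOMAIN (here: None) for an unlisted one.
FAKE_DNS = {
    "4.3.2.1.ips.backscatterer.org": "127.0.0.2",  # constructed: 1.2.3.4 is "listed"
}


def fake_resolve(name: str) -> Optional[str]:
    """Stand-in for an A-record lookup; swap in a real resolver to use it live."""
    return FAKE_DNS.get(name)


def dnsbl_name(client_ip: str, zone: str) -> str:
    """Build the reverse-octet lookup name a DNSBL client queries (IPv4 only)."""
    ip = ipaddress.IPv4Address(client_ip)
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def null_sender_rbl_check(
    sender: str,
    client_ip: str,
    zone: str = "ips.backscatterer.org",
    resolve: Callable[[str], Optional[str]] = fake_resolve,
) -> str:
    """Mirror of the posted rule: only the null sender (<>) triggers the RBL lookup.

    Postfix looks up the null sender in access tables as '<>', so both the
    empty string and '<>' are treated as the null sender here.
    """
    if sender not in ("", "<>"):
        return "DUNNO"  # rule does not apply; later restrictions decide
    answer = resolve(dnsbl_name(client_ip, zone))
    if answer is not None and answer.startswith("127.0.0."):
        return f"REJECT Service unavailable; client {client_ip} listed by {zone}"
    return "DUNNO"  # null sender but not listed: the bounce is accepted
```

A listed client sending ordinary mail (non-null sender) is still accepted by this rule, which is the point of not using the zone as a general-purpose RBL.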