Jim Lang pisze:
John Peach wrote:
On Mon, 16 Nov 2009 13:07:05 -0700
Jim Lang <post...@guscreek.com> wrote:
John Peach wrote:
On Mon, 16 Nov 2009 13:00:26 -0700
Jim Lang <post...@guscreek.com> wrote:
Wietse Venema wrote:
Jim Lang:
OK here is the scenario.
Spammer sends mail to: u...@myclientsdomain.com from forged
address vic...@randomdomain.com
If u...@myclientsdomain.com is delivered locally, not a problem,
if the address is invalid, postix rejects the mail during the
smtp connection.
But if u...@myclientsdomain.com is an alias to
mycli...@otherserver.com, postfix accepts the mail as deliverable
and forwards it to hotmail.com.
But if mycli...@otherserver.com can for whatever reason not be
delivered, otherserver.com does what it is supposed to do and
rejects the mail during the smtp connection, which causes postfix
to send out a non-delivery report to vic...@randomdomain.com --
backscatter.
Is there a way to stop this?
Yes. Don't forward SPAM.
Wietse
And how do I do that in this scenario?
You use recipient verification.
I must have been really inarticulate when I wrote out the scenario.
I do use recipient verification on my server. How is it that that is
not clear? Do I need to rewrite this post?
Clearly, you are *NOT* doing recipient verification, or
myotherserver.com would not be rejecting it. Never accept mail which
cannot be delivered.
Except no 'myotherserver.com' appeared in my scenario, nimrod.
otherserver.com in the scenario is a server not under my control.
unsubcribing to this useless list
But server which is out of your control should not accept messages for
example to non-existant user. So if you're doing verification even when
spammer connects to your server should recieve an ansewer from REMOTE
SERVER "user not known" or something similar. I've got similar situation
as I had to smart host for a lot of domains and connection, but let's
say I know people on that remote site, or even if not I've got any
contact details like email addres so simply... I'm trying to explain
people that if they will not protect the end server I will block them in
the smart host as I can't take a risk of block. So generally you should
use reject_unverified_recipient and additionally you can build a
database... you can limit connections, check RBLs, CBLs, there is really
a lot of things but first of all you would need to check which hosts on
the other end couses a problem and find out what you can do more to
prevent spam coming through.
I know that it's impossible to block all SPAM without being too harsh,
but there is always something what you can do to prevent it.
Regards,
Jarek
