Ansgar Wiechers skrev 2010-11-25 09:44:
On 2010-11-25 Patric Falinder wrote:
Ansgar Wiechers skrev 2010-11-24 18:11:
On 2010-11-24 Patric Falinder wrote:
lst_ho...@kwsoft.de skrev 2010-11-24 11:08:
Be sure to limit the usage of the list to the affected account and maybe
even to bounce sender addresses as a lot of legitim hosts are listed.
See http://www.backscatterer.org/?target=usage
Ok, thanks! Is there any other ways to protect yourself against
backscatter?
I wrote a filter based on smtpprox [1]. Disclaimer: AFAIK this has never
been used on medium or high traffic servers, so I don't know how it
would perform in such environments.
[1] http://www.planetcobalt.net/sdb/backscatter.shtml
Cool, I will check that out and see if I can try it out on my personal
mail-server first and see how it works.
Feel free. Feedback is welcome, of course.
I looked arround and found check_sender_access and
check_recipient_access, can I for example do something like this:
smtpd_recipient_restrictions =
...
check_recipient_access = /etc/postfix/check-for-backscatter
...
/etc/postfix/check-for-backscatter:
u...@domain.com reject_rbl_client ips.backscatterer.org
Doesn't work that way.
cob...@iridium:~ $ man 5 postconf | grep -A3 check_recipient_access
check_recipient_access type:table
Search the specified access(5) database for the resolved RCPT TO
address, domain, parent domains, or localpart@, and execute the
corresponding action.
With check_*_access you have to use some kind of table lookup:
check_recipient_access hash:/etc/postfix/check-for-backscatter
check_recipient_access regexp:/etc/postfix/check-for-backscatter
check_recipient_access pcre:/etc/postfix/check-for-backscatter
...
However, you can't use reject_rbl_client in these tables (see man 5
access).
You could try something like this:
# /etc/postfix/main.cf
...
smtpd_restriction_classes = backscatter_rbl
backscatter_rbl = reject_rbl_client ips.backscatterer.org
smtpd_recipient_restrictions =
...
check_sender_access hash:/etc/postfix/bounce-senders
...
# /etc/postfix/bounce-senders
<> backscatter_rbl
This should check NDNs (or rather, all messages sent with a null sender
address, which usually are NDNs) against ips.backscatterer.org. Not sure
if it does work though, as I haven't tested it.
and then only the address u...@domain.com gets checked at
ips.backscatterer.org?
And if I would want to check all the mails that comes from<> can I do
the same only in the smtpd_sender_restrictions?
I'd recommend doing the latter rather than the former.
Regards
Ansgar Wiechers
It actually looks like it's working! It checks every message that has
from=<> against ips.backscatterer.org :)
Thanks a lot for your help!
-Patric
