> On Sep 27, 2017, at 2:08 PM, Benny Pedersen <m...@junc.eu> wrote:
>
> J Doe wrote on 2017-09-27 19:49:
>
>> I recently configured Postfix 3.1.0 on a low-volume, Internet facing
>> server. Mail operations are normal, but I had two questions regarding
>> backscatter.
>
> ...
>
>> 1. From what I understand, “backscatter” refers to e-mails such as
>> non-delivery reports being sent back to the originator of a spam
>> message. As the originator is often a forged address, the
>> non-delivery report is essentially junk data. Would this be a
>> correct definition for the term ?
>
> non delivery is not correct, if you have a local sender that tries to send
> email outside your own local domains it would create a bounce if it could not
> be delivered, this is not spam btw
>
>> 2. Is it possible to white-list the generation of non-delivery reports
>> for some hosts and prevent generation for all others ? For instance,
>> if a Gmail user attempts to e-mail me but specifies a non-existent
>> address, I want the non-delivery report to go to them (and any other
>> senders from @gmail.com), but all other reports should be stopped from
>> being sent.
>
> keep away from whitelists, since there is nothing to whitelist, but make sure
> your postfix does not accept and later bounce same mail since that could be
> with forged sender addresses
>
> it's always safe to reject
>
> all the best

Hi Benny,

Thank you for your reply.

My current setup is for virtual domain hosting. I have a domain (say example.org), that I forward e-mail to Gmail. So if there was j...@example.org Postfix forwards to jons_em...@gmail.com. As a result, the only local users I have are the service accounts on the e-mail server itself.

What happens is I will get a spam message for a user @example.org. If the user is non-existent, a non-delivery report gets generated by the mail server and goes back to the sender of the spam . . . whose address is likely forged. That means the report is generating traffic to a possibly legitimate e-mail server.

I do want legitimate non-delivery reports to go to real people e-mailing recipients @example.org. Almost all of the legitimate e-mail coming through is from people using Gmail, Outlook and so forth, which is why I thought whitelisting those domains for non-delivery reports would be useful, whereas other servers are most likely forged and should be silently dropped.

Is there a way to achieve this or, as you noted, are whitelists to be avoided ? If whitelists are to be avoided, what is the best practice for handling this scenario ?

Thanks,

- J
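
Added example, not part of the thread: a log check for the accept-then-bounce pattern discussed above. It flags messages that arrived over SMTP and later produced a sender non-delivery notification (backscatter candidates), leaves bounces for locally submitted mail alone, and lists recipients rejected during the SMTP session. The log lines are constructed samples in Postfix's syslog format, and the name `analyze` is an assumption.

```python
import re

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = """\
Sep 27 14:01:02 mx postfix/smtpd[1201]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <nobody@example.org>: Recipient address rejected: User unknown in virtual alias table; from=<forged@victim.example> to=<nobody@example.org> proto=ESMTP helo=<host.invalid>
Sep 27 14:02:03 mx postfix/smtpd[1202]: 3F2A81C0B7: client=unknown[192.0.2.11]
Sep 27 14:02:03 mx postfix/qmgr[900]: 3F2A81C0B7: from=<forged@victim.example>, size=2048, nrcpt=1 (queue active)
Sep 27 14:02:04 mx postfix/local[1203]: 3F2A81C0B7: to=<nobody@example.org>, relay=local, delay=0.2, delays=0.1/0/0/0.1, dsn=5.1.1, status=bounced (unknown user: "nobody")
Sep 27 14:02:04 mx postfix/bounce[1204]: 3F2A81C0B7: sender non-delivery notification: 9B1E03D5F2
Sep 27 14:05:00 mx postfix/pickup[950]: 7C4D92E1A3: uid=1000 from=<svc>
Sep 27 14:05:00 mx postfix/qmgr[900]: 7C4D92E1A3: from=<svc@example.org>, size=512, nrcpt=1 (queue active)
Sep 27 14:05:02 mx postfix/smtp[1210]: 7C4D92E1A3: to=<typo@example.net>, relay=mx.example.net[198.51.100.5]:25, delay=2, delays=0/0/1/1, dsn=5.1.1, status=bounced (host mx.example.net[198.51.100.5] said: 550 5.1.1 User unknown (in reply to RCPT TO command))
Sep 27 14:05:02 mx postfix/bounce[1211]: 7C4D92E1A3: sender non-delivery notification: A0D4417E66
"""

REJECT = re.compile(r"NOQUEUE: reject: RCPT from .*?from=<([^>]*)> to=<([^>]*)>")
CLIENT = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=(\S+)")
SENDER = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")
BOUNCED = re.compile(r": (\w+): to=<([^>]*)>,.*status=bounced")
NOTIFY = re.compile(r"postfix/bounce\[\d+\]: (\w+): sender non-delivery notification")

def analyze(log_text):
    """Return (backscatter_candidates, smtp_time_rejects) for a Postfix log."""
    msgs, rejected = {}, []
    for line in log_text.splitlines():
        if m := REJECT.search(line):
            # Refused during the SMTP session: nothing queued, no bounce sent.
            rejected.append({"sender": m[1], "rcpt": m[2]})
        elif m := CLIENT.search(line):
            msgs.setdefault(m[1], {})["client"] = m[2]
        elif m := SENDER.search(line):
            msgs.setdefault(m[1], {})["sender"] = m[2]
        elif m := BOUNCED.search(line):
            msgs.setdefault(m[1], {}).setdefault("bounced_rcpts", []).append(m[2])
        elif m := NOTIFY.search(line):
            msgs.setdefault(m[1], {})["ndr_sent"] = True
    # A queue ID with a client= line came in over SMTP; if it also produced a
    # non-delivery notification, the server accepted mail and bounced it later.
    backscatter = [{"qid": q, **info} for q, info in msgs.items()
                   if info.get("ndr_sent") and "client" in info]
    return backscatter, rejected

if __name__ == "__main__":
    hits, rejects = analyze(SAMPLE_LOG)
    for h in hits:
        print("accepted then bounced:", h["qid"], h["sender"], h["bounced_rcpts"])
    print("rejected at SMTP time:", len(rejects))
```
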