[Mimedefang] Problem with backscatter

Jakub Wasielewski jakub at wasielewski.info
Mon Mar 22 09:10:50 EDT 2010


Hello List!

I recently discovered a nasty backscatter technique which I don't
know how to stop.
It only occurs on a backup MX server (sendmail 8.14.0) which checks for
valid recipients using
md_check_against_smtp_server().

The SMTP session looks like this:

Connected to xxx.xxx.xxx.130.
Escape character is '^]'.
220 my_backup_mx ESMTP
helo example.com
250 my_backup_mx Hello example.com [xxx.xxx.xxx], pleased to meet you
mail from:<victim at email.com>
250 2.1.0 <victim at email.com>... Sender ok
rcpt to:<nonexistens at email.in.domain.this.mx.backups.for>
554 5.7.1 <nonexistens at email.in.domain.this.mx.backups.for>: Recipient
address rejected: User unknown
rcpt to:<VALID at email.in.domain.this.mx.backups.for>
250 2.1.5 <VALID at email.in.domain.this.mx.backups.for>... Recipient ok
data
354 Enter mail, end with "." on a line by itself

[message content]
.
250 2.0.0 o2MBG5xt002795 Message accepted for delivery
quit
221 2.0.0 my_backup_mx closing connection
Connection closed by foreign host.

The problem is that a DSN message is generated and sent to
victim at email.com saying that a message
cannot be delivered to nonexistent at email.in.domain.this.mx.backups.for.
Why is this message generated, and how can I stop that?
I must mention that this doesn't happen for local recipients.
This happens only when the message should be relayed and the recipients are
checked using
md_check_against_smtp_server().

Please help! I do not want to be a backscatterer!

--
   Jakub Wasielewski
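
A way to check a test session like the one above for this symptom, as an added example that is not part of the original post: it rebuilds the envelope from an SMTP transcript and flags any address named in a DSN that the server had already refused at RCPT time. The addresses (placeholders, with the archive's " at " written as "@"), the function names and the DSN inputs are constructed for illustration.

```python
import re

# Constructed sample: the session from the post, with placeholder addresses.
TRANSCRIPT = """\
220 my_backup_mx ESMTP
helo example.com
250 my_backup_mx Hello example.com, pleased to meet you
mail from:<victim@sender.example>
250 2.1.0 <victim@sender.example>... Sender ok
rcpt to:<nonexistent@relayed.example>
554 5.7.1 <nonexistent@relayed.example>: Recipient address rejected: User unknown
rcpt to:<valid@relayed.example>
250 2.1.5 <valid@relayed.example>... Recipient ok
data
354 Enter mail, end with "." on a line by itself
"""

CMD = re.compile(r"^(mail from|rcpt to):\s*<([^>]*)>", re.I)
REPLY = re.compile(r"^(\d{3})([ -])")

def parse_envelope(transcript):
    """Return (sender, accepted, rejected) from a client/server SMTP transcript."""
    sender, accepted, rejected = None, [], []
    pending = None  # (verb, address) still waiting for the server's final reply
    for line in transcript.splitlines():
        line = line.strip()
        cmd, reply = CMD.match(line), REPLY.match(line)
        if cmd:
            pending = (cmd.group(1).lower(), cmd.group(2).lower())
        elif reply and reply.group(2) == " ":   # last line of a (multi-line) reply
            code = reply.group(1)
            if code == "354":                   # message body follows: stop parsing
                break
            if pending:
                verb, addr = pending
                ok = code.startswith("2")
                if verb == "mail from" and ok:
                    sender = addr
                elif verb == "rcpt to":
                    (accepted if ok else rejected).append(addr)
                pending = None
    return sender, accepted, rejected

def backscatter_findings(transcript, dsn_to, dsn_failed_rcpts):
    """Compare a DSN (its recipient and the addresses it reports) to the envelope."""
    sender, accepted, rejected = parse_envelope(transcript)
    failed = {a.lower() for a in dsn_failed_rcpts}
    return {"dsn_sent_to_envelope_sender": dsn_to.lower() == sender,
            "refused_at_rcpt_but_bounced": sorted(failed & set(rejected)),
            "accepted_then_bounced": sorted(failed & set(accepted))}
```

A non-empty `refused_at_rcpt_but_bounced` list is the behaviour reported in the post: a recipient the server answered with 5xx still produced a bounce to the envelope sender.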


