[Mimedefang] Problem with backscatter
-
kd6lvw at yahoo.com
Mon Mar 22 14:29:11 EDT 2010
--- On Mon, 3/22/10, Jakub Wasielewski <jakub at wasielewski.info> wrote:
> I recently discovered some nasty backscatter technique which I don't
> know how to stop. It only occurs on backup MX server (sendmail 8.14.0)
> who checks for valid recipients using md_check_against_smtp_server().
>
> The SMTP session looks like this:
>
> Connected to xxx.xxx.xxx.130.
> Escape character is '^]'.
> 220 my_backup_mx ESMTP
> helo example.com
> 250 my_backup_mx Hello example.com [xxx.xxx.xxx], pleased to meet you
> mail from:<victim at email.com>
> 250 2.1.0 <victim at email.com>... Sender ok
Here's your problem. You haven't checked the sender against SPF. See my Wed Feb 24 2010 00:39:23 message for details on how to do this. Forged messages will be stopped here and no DSN generated. Only non-forged messages may continue. If the sender hasn't protected his domain by creating an SPF record for it, any backscatter is HIS problem, not yours.
> rcpt to:<nonexistens at email.in.domain.this.mx.backups.for>
> 554 5.7.1 <nonexistens at email.in.domain.this.mx.backups.for>: Recipient address rejected: User unknown
Since you have rejected it, you shouldn't be generating an NDR type DSN at all. You are definently misconfigured.
More information about the MIMEDefang
mailing list