[Mimedefang] Problem with backscatter

- kd6lvw at yahoo.com
Mon Mar 22 14:29:11 EDT 2010

--- On Mon, 3/22/10, Jakub Wasielewski <jakub at wasielewski.info> wrote:
> I recently discovered some nasty backscatter technique which I  don't
> know how to stop.  It only occurs on backup MX server (sendmail 8.14.0)
> who checks for valid recipients using md_check_against_smtp_server().
> The SMTP session looks like this:
> Connected to xxx.xxx.xxx.130.
> Escape character is '^]'.
> 220 my_backup_mx ESMTP
> helo example.com
> 250 my_backup_mx Hello example.com [xxx.xxx.xxx], pleased to meet you
> mail from:<victim at email.com>
> 250 2.1.0 <victim at email.com>... Sender ok

Here's your problem.  You haven't checked the sender against SPF.  See my Wed Feb 24 2010 00:39:23 message for details on how to do this.  Forged messages will be stopped here and no DSN generated.  Only non-forged messages may continue.  If the sender hasn't protected his domain by creating an SPF record for it, any backscatter is HIS problem, not yours.

> rcpt to:<nonexistens at email.in.domain.this.mx.backups.for>
> 554 5.7.1 <nonexistens at email.in.domain.this.mx.backups.for>: Recipient address rejected: User unknown

Since you have rejected it, you shouldn't be generating an NDR type DSN at all.  You are definently misconfigured.

More information about the MIMEDefang mailing list