[Mimedefang] Problem with backscatter

Jakub Wasielewski jakub at wasielewski.info
Tue Mar 23 14:56:36 EDT 2010

2010/3/22 - <kd6lvw at yahoo.com>:
> --- On Mon, 3/22/10, Jakub Wasielewski <jakub at wasielewski.info> wrote:
>> I recently discovered some nasty backscatter technique which I  don't
>> know how to stop.  It only occurs on backup MX server (sendmail 8.14.0)
>> who checks for valid recipients using md_check_against_smtp_server().
>> The SMTP session looks like this:
>> Connected to xxx.xxx.xxx.130.
>> Escape character is '^]'.
>> 220 my_backup_mx ESMTP
>> helo example.com
>> 250 my_backup_mx Hello example.com [xxx.xxx.xxx], pleased to meet you
>> mail from:<victim at email.com>
>> 250 2.1.0 <victim at email.com>... Sender ok
> Here's your problem.  You haven't checked the sender against SPF.  See my Wed Feb 24 2010 00:39:23 message for details on how to do this.  Forged messages will be stopped here and no DSN generated.  Only non-forged messages may continue.  If the sender hasn't protected his domain by creating an SPF record for it, any backscatter is HIS problem, not yours.

True unless sender is a spamtrap of some dnsbl list - than you're
listed and problem is yours ;)

>> rcpt to:<nonexistens at email.in.domain.this.mx.backups.for>
>> 554 5.7.1 <nonexistens at email.in.domain.this.mx.backups.for>: Recipient address rejected: User unknown
> Since you have rejected it, you shouldn't be generating an NDR type DSN at all.  You are definently misconfigured.

I definitely think so and that is why I'm writing here to find what is
wrong. I dunno if sendmail or mimedefang generates
this DSN's, it is something wrong in my sendmail.cf or in mimedefang-filter.


    Jakub Wasielewski

More information about the MIMEDefang mailing list