[Mimedefang] Problem with backscatter

Jakub Wasielewski jakub at wasielewski.info
Tue Mar 23 14:56:36 EDT 2010


2010/3/22 - <kd6lvw at yahoo.com>:
> --- On Mon, 3/22/10, Jakub Wasielewski <jakub at wasielewski.info> wrote:
>> I recently discovered some nasty backscatter technique which I don't
>> know how to stop. It only occurs on the backup MX server (sendmail 8.14.0),
>> which checks for valid recipients using md_check_against_smtp_server().
>>
>> The SMTP session looks like this:
>>
>> Connected to xxx.xxx.xxx.130.
>> Escape character is '^]'.
>> 220 my_backup_mx ESMTP
>> helo example.com
>> 250 my_backup_mx Hello example.com [xxx.xxx.xxx], pleased to meet you
>> mail from:<victim at email.com>
>> 250 2.1.0 <victim at email.com>... Sender ok
>
> Here's your problem.  You haven't checked the sender against SPF.  See my Wed Feb 24 2010 00:39:23 message for details on how to do this.  Forged messages will be stopped here and no DSN generated.  Only non-forged messages may continue.  If the sender hasn't protected his domain by creating an SPF record for it, any backscatter is HIS problem, not yours.

True unless the sender is a spamtrap of some dnsbl list - then you're
listed and the problem is yours ;)

>> rcpt to:<nonexistens at email.in.domain.this.mx.backups.for>
>> 554 5.7.1 <nonexistens at email.in.domain.this.mx.backups.for>: Recipient address rejected: User unknown
>
> Since you have rejected it, you shouldn't be generating an NDR type DSN at all.  You are definitely misconfigured.

I definitely think so, and that is why I'm writing here to find what is
wrong. I dunno if sendmail or mimedefang generates these DSNs; something
is wrong in my sendmail.cf or in mimedefang-filter.

Cheers,

-- 
    Jakub Wasielewski


