[Mimedefang] Problem with backscatter

Jakub Wasielewski jakub at wasielewski.info
Wed Mar 24 16:27:36 EDT 2010


2010/3/24 Steffen Kaiser <skmimedefang at smail.inf.fh-bonn-rhein-sieg.de>:
> On Wed, 24 Mar 2010, Jakub Wasielewski wrote:
>
>>> Why does the mail hit your backup MX in the first place? Is the primary
>>> server offline?
>>
>> Well, we are talking about backscatter done - on purpose - by
>> spammers. Why do they connect
>
> So, do you need a backup MX at all, if the primary is online?

I do need it for when the primary goes offline or is under DDoS or
anything like that.
Neither of my MXes is a final destination for messages, with routing based on
mailertable. When the primary is not accessible, recipient verification is
still possible
because it is not run on the primary MX.

>>> sendmail[pid]: queueid1: queueid2: DSN: reason
>>
>> Yes it is. The reason is : User unknown:
>> Mar 20 04:54:18 [sm-mta] o2K3sEnS001039: o2K3sInS001048: DSN: User unknown
>>
>>> log entry. Can you verify that queueid1 is the queueid of the message
>>> that
>>> entered your host from outside.
>
> What do the other log entries of o2K3sEnS001039 say? Where is it from,
> which relay, ...

The whole session looks like this:

Mar 20 04:54:16 [mimedefang.pl] o2K3sEnS001039: SPF implemented=no,
result=neutral, smtp_comment=, header_comment=_
Mar 20 04:54:17 [mimedefang.pl] o2K3sEnS001039:
md_check_against_smtp_server for <proboszczd at parafia-sw-stefana.pl> on
petrus.opoka.org.pl returned 550 5.1.1
<proboszczd at parafia-sw-stefana.pl>: Recipient address rejected: User
unknown_
Mar 20 04:54:17 [sm-mta] o2K3sEnS001039: Milter:
to=<proboszczd at parafia-sw-stefana.pl>, reject=550 5.1.1
<proboszczd at parafia-sw-stefana.pl>: Recipient address rejected: User
unknown
Mar 20 04:54:18 [sm-mta] o2K3sEnS001039:
from=<kheevwegrjce at alamodome.com>, size=446, class=0, nrcpts=2,
msgid=<000e01cac7e0$ede91e40$00426158 at dusdeffqwta>, proto=ESMTP,
daemon=MTA, relay=localhost [222.254.116.232] (may be forged)
Mar 20 04:54:18 [clamd]
/var/spool/MIMEDefang/mdefang-o2K3sEnS001039/Work/msg-3183-256.txt:
OK_
Mar 20 04:54:18 [clamd]
/var/spool/MIMEDefang/mdefang-o2K3sEnS001039/Work/INPUTMBOX: OK_
Mar 20 04:54:18 [mimedefang.pl]
MDLOG,o2K3sEnS001039,mail_in,,,<kheevwegrjce at alamodome.com>,<proboszcz at parafia-sw-stefana.pl>,The
golden nugget has arrived_
Mar 20 04:54:18 [sm-mta] o2K3sEnS001039: Milter add: header:
X-Scanned-By: MIMEDefang 2.64 on 212.160.91.130
Mar 20 04:54:18 [sm-mta] o2K3sEnS001039:
to=<proboszczd at parafia-sw-stefana.pl>, delay=00:00:01,
xdelay=00:00:00, mailer=esmtp, pri=5446, relay=petrus.opoka.org.pl.
[212.2.120.8], dsn=5.1.1, stat=User unknown
Mar 20 04:54:18 [sm-mta] o2K3sEnS001039:
to=<proboszcz at parafia-sw-stefana.pl>, delay=00:00:01, xdelay=00:00:00,
mailer=esmtp, pri=5446, relay=petrus.opoka.org.pl. [212.2.120.8],
dsn=2.0.0, stat=Sent (Ok: queued as D33FE259E5)
Mar 20 04:54:18 [sm-mta] o2K3sEnS001039: o2K3sInS001048: DSN: User unknown

This is really weird: Milter rejects the recipients, and then there is
nrcpts=2...

-- 
    Jakub Wasielewski
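
The pattern in the session above (a recipient rejected by the milter, then a delivery attempt to that same recipient and a DSN under the same queue ID) can be searched for across a whole mail log. This is an added example, not part of the original post; the sample lines are constructed, the queue IDs and addresses are placeholders, and it assumes unwrapped syslog lines in the `[sm-mta]` format shown above.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format of the session above (IDs and addresses are placeholders).
SAMPLE_LOG = """\
Mar 20 04:54:17 [sm-mta] q1AAAA000001: Milter: to=<nouser@example.org>, reject=550 5.1.1 <nouser@example.org>: Recipient address rejected: User unknown
Mar 20 04:54:18 [sm-mta] q1AAAA000001: from=<sender@example.net>, size=446, class=0, nrcpts=2, proto=ESMTP, daemon=MTA, relay=localhost [192.0.2.10] (may be forged)
Mar 20 04:54:18 [sm-mta] q1AAAA000001: to=<nouser@example.org>, delay=00:00:01, mailer=esmtp, relay=mx.example.org. [192.0.2.20], dsn=5.1.1, stat=User unknown
Mar 20 04:54:18 [sm-mta] q1AAAA000001: to=<user@example.org>, delay=00:00:01, mailer=esmtp, relay=mx.example.org. [192.0.2.20], dsn=2.0.0, stat=Sent (Ok: queued as 0000000000)
Mar 20 04:54:18 [sm-mta] q1AAAA000001: q1AAAA000002: DSN: User unknown
Mar 20 05:01:02 [sm-mta] q1BBBB000003: Milter: to=<ghost@example.org>, reject=550 5.1.1 <ghost@example.org>: Recipient address rejected: User unknown
Mar 20 05:01:03 [sm-mta] q1BBBB000003: from=<other@example.net>, size=512, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=host.example.net [192.0.2.30]
Mar 20 05:01:03 [sm-mta] q1BBBB000003: to=<real@example.org>, delay=00:00:01, mailer=esmtp, relay=mx.example.org. [192.0.2.20], dsn=2.0.0, stat=Sent (Ok)
"""

LINE = re.compile(r"\[sm-mta\] (?P<qid>\w+): (?P<rest>.*)$")
REJECT = re.compile(r"^Milter: to=<(?P<rcpt>[^>]+)>, reject=(?P<code>\d{3})")
DELIVER = re.compile(r"^to=<(?P<rcpt>[^>]+)>,.*\bdsn=(?P<dsn>[\d.]+), stat=(?P<stat>.*)$")
BOUNCE = re.compile(r"^(?P<dsn_qid>\w+): DSN: (?P<reason>.*)$")

def find_leaked_rejects(log_text):
    """Return queue IDs where a milter-rejected recipient still got a delivery attempt."""
    rejected = defaultdict(set)    # qid -> recipients the milter rejected
    attempted = defaultdict(dict)  # qid -> {recipient: dsn code of the delivery attempt}
    bounces = {}                   # qid -> queue ID of the DSN generated for it
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m["qid"], m["rest"]
        if (r := REJECT.match(rest)):
            rejected[qid].add(r["rcpt"].lower())
        elif (d := DELIVER.match(rest)):
            attempted[qid][d["rcpt"].lower()] = d["dsn"]
        elif (b := BOUNCE.match(rest)):
            bounces[qid] = b["dsn_qid"]
    findings = {}
    for qid, rcpts in rejected.items():
        leaked = {r: attempted[qid][r] for r in rcpts if r in attempted[qid]}
        if leaked:
            findings[qid] = {"leaked": leaked, "bounce_qid": bounces.get(qid)}
    return findings

if __name__ == "__main__":
    for qid, info in find_leaked_rejects(SAMPLE_LOG).items():
        print(qid, info)
```

A queue ID that appears in the result with a non-empty `bounce_qid` is a message for which this host generated a bounce even though the milter had already answered 550 for that recipient.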


