[Mimedefang] Problem with backscatter

Jakub Wasielewski jakub at wasielewski.info
Wed Mar 24 09:49:27 EDT 2010


2010/3/24 Steffen Kaiser <skmimedefang at smail.inf.fh-bonn-rhein-sieg.de>:

> On Mon, 22 Mar 2010, Jakub Wasielewski wrote:
>
>> It only occurs on the backup MX server (sendmail 8.14.0), which checks for
>> valid recipients using md_check_against_smtp_server().
>
> Why does the mail hit your backup MX in the first place? Is the primary
> server offline?

Well, we are talking about backscatter done, on purpose, by spammers.
Why do they connect to MXes with bigger priority instead of the primary
server? Because lots and lots of such MXes do not verify recipients at
all and are tailor-made for passing spam to victims.
This is how backscatter works.

>> The problem is that a DSN message is generated and sent to
>> victim at email.com about message
>
> Did you verify that the DSN is from one of _your_ hosts at all? IMHO there
> should be a:
>
> sendmail[pid]: queueid1: queueid2: DSN: reason

Yes, it is. The reason is: User unknown:
Mar 20 04:54:18 [sm-mta] o2K3sEnS001039: o2K3sInS001048: DSN: User unknown

> log entry. Can you verify that queueid1 is the queueid of the message that
> entered your host from outside?

Sure thing.

-- 
    Jakub Wasielewski
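
The check discussed in this exchange (is queueid1 of a "DSN:" line the queue ID of a message that entered the host from outside?) can be scripted over the mail log. The following is an added example, not part of the original posts; the sample lines are constructed around the one DSN line quoted above, and the host names, addresses and function name are assumptions.

```python
import re

# Constructed sample in sendmail's log style. The DSN line reuses the queue IDs
# quoted in the thread; hosts, addresses and the second message are made up.
SAMPLE_LOG = """\
Mar 20 04:54:14 mx2 sm-mta[1039]: o2K3sEnS001039: from=<victim@example.com>, size=2048, class=0, nrcpts=1, msgid=<1@example.com>, proto=SMTP, daemon=MTA, relay=host.example.net [192.0.2.10]
Mar 20 04:54:18 mx2 sm-mta[1039]: o2K3sEnS001039: to=<nouser@example.org>, delay=00:00:04, mailer=esmtp, pri=32048, relay=mx1.example.org., dsn=5.1.1, stat=User unknown
Mar 20 04:54:18 mx2 sm-mta[1039]: o2K3sEnS001039: o2K3sInS001048: DSN: User unknown
Mar 20 04:55:02 mx2 sm-mta[1101]: o2K3t0nS001101: from=<a@example.net>, size=900, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.net [198.51.100.7]
"""

QID = r"[A-Za-z0-9]{14}"  # queue IDs as they appear in the thread (14 characters)
# "queueid1: queueid2: DSN: reason", the format quoted in the thread
DSN_RE = re.compile(rf"\b({QID}): ({QID}): DSN: (.+)$")
# Envelope line logged when a message is accepted: sender and connecting relay
FROM_RE = re.compile(rf"\b({QID}): from=<([^>]*)>.*?\brelay=(.+)$")


def find_dsn_events(log_text):
    """Pair each DSN line with the sender and relay of the message that caused it."""
    accepted = {}  # queue ID -> (envelope sender, relay that delivered it to us)
    events = []
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if m:
            accepted[m.group(1)] = (m.group(2), m.group(3).strip())
            continue
        m = DSN_RE.search(line)
        if m:
            original, bounce, reason = m.groups()
            sender, relay = accepted.get(original, (None, None))
            events.append({
                "original_qid": original,  # message that entered the host
                "bounce_qid": bounce,      # DSN this host generated for it
                "reason": reason,
                "bounce_goes_to": sender,  # None if no matching from= line was seen
                "received_from": relay,
            })
    return events


if __name__ == "__main__":
    for event in find_dsn_events(SAMPLE_LOG):
        print(event)
```

An event whose `received_from` is an outside relay and whose `bounce_goes_to` is an address that never sent the message is a bounce this host generated toward a forged sender.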


