[Mimedefang] Doing SRS Rewriting with Postfix (do not look up recipients starting with SRS)

Benoit Panizzon benoit.panizzon at imp.ch
Mon Jan 7 04:27:24 EST 2019


Hi Benny

> > This causes Postfix to accept all emails which match this local mailbox
> > regexp and make it believe to deliver them to /dev/null, which never
> > happens as we will extract the real recipient from the SRS header with
> > MIMEDefang.  
> 
> how does this prevent accept and bounce ?
> how does it protect to not lose emails ?
> why is this not the same as catch-all domain ?
> 
> one day I begin to understand mimedefang, it takes time

Well, we have a very complex set-up.

One of the goals:

* Minimize Backscatter (excessive backscatter could get your services
  blacklisted)

I suppose you know how SPF works and that therefore you cannot forward
an email to a destination and leave the original sender intact. This is
also bound to cause your server to generate backscatter in case the
email cannot be delivered to the destination.

So SRS is used to rewrite and sign the envelope sender. If a reply (a
bounce in most cases) is getting back to this SRS signed sender, the
signature is verified to make sure it is legitimate and not somebody
trying to just relay emails over your server.

But still, this causes backscatter if your server (or the remote server)
bounces emails which cannot be delivered. So how do we minimize the
problem? SRS only encodes the original sender, not the forwarding
mailbox.

We encode the local recipient, which forwarded the email, into the SRS
sender. So if we get a bounce back, we can decode this and get both
pieces of information:

* Original Sender (to which we want to return the bounce)
* Local Recipient with defunct forwarding.

This allows us to count the bounces generated by a local recipient with
a defunct forwarding.

Of course, there are always reasons why an email, even forwarded, does
not reach the destination (server down etc). So we have to allow for a
certain amount of bounces per day. But if a threshold is reached, we
just stop accepting email for the local recipient and issue a message
like "550 Forwarding Disabled because of bounces from far server".

This prevents DDoS-like attacks where the sender address is the email
address of a victim, the destination is purposefully an address which
generates delayed bounces, and the goal is to flood that victim's
mailbox with those bounces (SPF cannot help in such a case and yes, we
had such cases).

So hopefully you understand what we are doing to try to fix design
issues of the aging SMTP protocol :-)

Kind regards

-Benoît Panizzon-
-- 
I m p r o W a r e   A G    -    Leiter Commerce Kunden
______________________________________________________

Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Schweiz                         Web  http://www.imp.ch
______________________________________________________
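
The scheme described in the message above, as an added Python sketch that is not part of the original post and is not the poster's MIMEDefang filter. The address layout (`SRS0=sig=day=domain=local=mailbox@forwarder`), the HMAC key, the threshold values and every function name are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import Counter
from urllib.parse import quote, unquote

SECRET = b"constructed-demo-key"   # assumption: per-site signing secret
FORWARDER = "forwarder.example"    # assumption: domain doing the forwarding
MAX_BOUNCES_PER_DAY = 3            # assumption: the post gives no number
MAX_AGE_DAYS = 21                  # assumption: how long a signed sender is valid

def _sig(day, sender, mailbox):
    msg = f"{day}|{sender.lower()}|{mailbox.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:10]

def srs_encode(sender, mailbox, day):
    # Envelope sender for mail from `sender` forwarded by local `mailbox`.
    local, domain = sender.rsplit("@", 1)
    fields = ["SRS0", _sig(day, sender, mailbox), str(day), domain]
    fields += [quote(local, safe=""), quote(mailbox, safe="")]  # escapes '='
    return "=".join(fields) + "@" + FORWARDER

def srs_decode(address, today):
    """Return (original_sender, local_mailbox), or None if the address is invalid."""
    local, _, domain = address.rpartition("@")
    fields = local.split("=")
    if domain.lower() != FORWARDER or len(fields) != 6 or fields[0].upper() != "SRS0":
        return None
    _, sig, day, odomain, olocal, box = fields
    if not day.isdecimal() or not 0 <= today - int(day) <= MAX_AGE_DAYS:
        return None
    sender, mailbox = f"{unquote(olocal)}@{odomain}", unquote(box)
    if not hmac.compare_digest(sig.encode(), _sig(int(day), sender, mailbox).encode()):
        return None                # forged or altered: not a bounce we caused
    return sender, mailbox

class ForwardGuard:
    def __init__(self):
        self.bounces = Counter()   # (local mailbox, day) -> bounces seen

    def on_bounce(self, rcpt, today):
        decoded = srs_decode(rcpt, today)
        if decoded is None:
            return "550 Invalid SRS address"       # constructed reply text
        sender, mailbox = decoded
        self.bounces[(mailbox.lower(), today)] += 1
        return f"250 bounce relayed to {sender}"   # constructed reply text

    def on_rcpt(self, mailbox, today):
        if self.bounces[(mailbox.lower(), today)] >= MAX_BOUNCES_PER_DAY:
            return "550 Forwarding Disabled because of bounces from far server"
        return "250 OK"
```

Because the local mailbox is covered by the signature, a bounce can only be charged to the mailbox whose forwarding actually produced it.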



