Avoiding sending backscatter

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Avoiding sending backscatter

Diego Vadell
Hello everyone,

    I have a postfix server (with amavis and clamav) that receives emails for
other domains. When it gets a mail for a non-existent email, it accepts it
anyways because it doesn't have the list of valid email addresses.

   In other words, I'm generating backscatter and I want to avoid it.

   One solution could be to never return a mail delivery notification for
external email, but I think that's not recommended, isn't it?

   I'm already discarding all emails with viruses and using blacklists.

    Does anybody knows any other solution?

Thanks in advance,
 -- Diego.


   


Reply | Threaded
Open this post in threaded view
|

Re: Avoiding sending backscatter

Noel Jones-2
On 7/18/2018 12:59 PM, Diego Vadell wrote:
> Hello everyone,
>
>     I have a postfix server (with amavis and clamav) that receives emails for
> other domains. When it gets a mail for a non-existent email, it accepts it
> anyways because it doesn't have the list of valid email addresses>
>    In other words, I'm generating backscatter and I want to avoid it.
>
>    One solution could be to never return a mail delivery notification for
> external email, but I think that's not recommended, isn't it?

Right, that's a terrible idea that breaks the reliability of mail.

>
>    I'm already discarding all emails with viruses and using blacklists.
>
>     Does anybody knows any other solution?


Hopefully you can use active recipient verification.  This requires
that the downstream server rejects unknown recipients during the
SMTP transaction. See:
http://www.postfix.org/ADDRESS_VERIFICATION_README.html
http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient

If the downstream servers are not able to reject unknown recipients
during SMTP, your only option is to find some way to either query
the downstream server directly, maybe through an LDAP or sql lookup
depending on what software the downstream runs, or find some way to
periodically export a user list from the downstream server to the
gateway.

Fixing this can be a lot a trouble, but it's worth it.  There's some
evidence that domains that accept all recipients are spam
attractors, and spammers will eventually clog your queue with
thousands/millions of undeliverable bounces, affecting incoming mail
delivery.  If that's not bad enough, some sites blacklist
backscatter sources, affecting your ability to send mail.



  -- Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: Avoiding sending backscatter

Diego Vadell


On Wednesday 18 July 2018 03:27:36 pm Noel Jones wrote:

> On 7/18/2018 12:59 PM, Diego Vadell wrote:
> > Hello everyone,
> >
> >     I have a postfix server (with amavis and clamav) that receives emails
> > for other domains. When it gets a mail for a non-existent email, it
> > accepts it anyways because it doesn't have the list of valid email
> > addresses> In other words, I'm generating backscatter and I want to avoid
> > it.
> >
> >    One solution could be to never return a mail delivery notification for
> > external email, but I think that's not recommended, isn't it?
>
> Right, that's a terrible idea that breaks the reliability of mail.
>
> >    I'm already discarding all emails with viruses and using blacklists.
> >
> >     Does anybody knows any other solution?
>
> Hopefully you can use active recipient verification.  This requires
> that the downstream server rejects unknown recipients during the
> SMTP transaction. See:
> http://www.postfix.org/ADDRESS_VERIFICATION_README.html
> http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient
>
> If the downstream servers are not able to reject unknown recipients
> during SMTP, your only option is to find some way to either query
> the downstream server directly, maybe through an LDAP or sql lookup
> depending on what software the downstream runs, or find some way to
> periodically export a user list from the downstream server to the
> gateway.
>
> Fixing this can be a lot a trouble, but it's worth it.  There's some
> evidence that domains that accept all recipients are spam
> attractors, and spammers will eventually clog your queue with
> thousands/millions of undeliverable bounces, affecting incoming mail
> delivery.  If that's not bad enough, some sites blacklist
> backscatter sources, affecting your ability to send mail.
>
>
>
>   -- Noel Jones

Thank you very much Noel. I'm currently testing it.

MS Exchange from 2013 onwards don't reject unknown recipients, or at least
some. I'm whitelisting them for now.

Thanks again
 -- Diego