?
Solved

How to stop Postfix backscattering

Posted on 2011-02-23
4
Medium Priority
?
866 Views
Last Modified: 2013-12-27
Hi there

I run a backup MX server, this server has recently been blacklisted for backscatter.

The problem I have is that the server accepts mail for all domains listed, regardless of user, which then forwards it on to the primary MX when it is up.

How can I prevent this server bouncing back mail adressed to users that dont exist , so as to prevent back scatter?
0
Comment
Question by:alexanderfoti
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 79

Expert Comment

by:arnold
ID: 34965687
It depends on how the other domais are managed, do you have an LDAP or something similar to centralized domain/user acconts into which you can tie in this postfix server such that it does not accept emails destined to non-existant users?
The other option is to use the postfix as the inbound only anti-spam/virus gateway to your MX.
A bonce back message should not lead to your server beng blacklisted.
Double check that you are only accepting emails for your domains.
0
 
LVL 1

Author Comment

by:alexanderfoti
ID: 34965710
This is a hosted backup mx for seperately hosted domains so no way to tie into LDAP unfortunately.

There around 40 domains and I have double checked and it is 100% not an open relay.

I have read that I need to stop as much spam/false mail in the smtp transmission phase as possible but I struggle to see how other backup mx services prevent this problem from occuring.
0
 
LVL 79

Accepted Solution

by:
arnold earned 2000 total points
ID: 34965867
The problem with a backup MX such as the one you mention is that spammers who get their messages rejected during the SMTP session by the primary mail servers, have resorted on sending email messages to backup MXs just for this reason i.e. if the backup is not identically configured as the primary, it will take all messages and will then be forced to deliver the bounce (NDR) to the fake senders.
One option is to use SPF/DomainKeys/etc. mechanisms to 'validate' the senders' as much as possible, but because of the spamming issue, the backup MX are more trouble than they are worth.  Often as long as the primary server is not down for more than 5 to 7 days, the sending mail servers should attempt to deliver the message.
The backup MX extends the delivery window often to 14 days but depends on the configuration.

See whether the backupMX provide an option where you can load a list of valid users for all your domains, such that it will reject all emails destined to others. The issue is that you must maintain the list a close to current as possible. I.e. update when you add a user on the prmaryMX.  The removal can be less frequent.
0
 
LVL 1

Author Comment

by:alexanderfoti
ID: 35081728
I see that its just an occupational problem with running a backup mx.

I have added some spam checks into the backup mx in an attempt to try and prevent it accepting mail for invalid domains/users/etc

Many thanks for your help.
0

Featured Post

WordPress Tutorial 4: Recommended Plugins

Now that you have WordPress installed, understand the interface, and know how to install new parts, let’s take a look at our recommended plugins.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Need WiFi? Often, there are perfectly good networks that don't have WiFi capability - and there's a need to add it.  - Perhaps you have an Ethernet port into a network but no WiFi nearby. - Perhaps you have a powerline extender and no WiFi at the…
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses
Course of the Month8 days, 16 hours left to enroll

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question