Solved

How to stop Postfix backscattering

Posted on 2011-02-23
Last Modified: 2013-12-27
Hi there

I run a backup MX server, this server has recently been blacklisted for backscatter.

The problem I have is that the server accepts mail for all domains listed, regardless of user, which then forwards it on to the primary MX when it is up.

How can I prevent this server bouncing back mail addressed to users that don't exist, so as to prevent backscatter?
Question by:alexanderfoti

Expert Comment

by:arnold
ID: 34965687
It depends on how the other domains are managed. Do you have an LDAP or something similar to centralized domain/user accounts into which you can tie in this postfix server such that it does not accept emails destined to non-existent users?
The other option is to use the postfix as the inbound only anti-spam/virus gateway to your MX.
A bounce back message should not lead to your server being blacklisted.
Double check that you are only accepting emails for your domains.

Author Comment

by:alexanderfoti
ID: 34965710
This is a hosted backup MX for separately hosted domains, so no way to tie into LDAP unfortunately.

There are around 40 domains and I have double checked and it is 100% not an open relay.

I have read that I need to stop as much spam/false mail in the SMTP transmission phase as possible, but I struggle to see how other backup MX services prevent this problem from occurring.

Accepted Solution

by:
arnold earned 500 total points
ID: 34965867
The problem with a backup MX such as the one you mention is that spammers who get their messages rejected during the SMTP session by the primary mail servers have resorted to sending email messages to backup MXs just for this reason, i.e. if the backup is not identically configured as the primary, it will take all messages and will then be forced to deliver the bounce (NDR) to the fake senders.
One option is to use SPF/DomainKeys/etc. mechanisms to 'validate' the senders as much as possible, but because of the spamming issue, backup MXs are more trouble than they are worth.  Often as long as the primary server is not down for more than 5 to 7 days, the sending mail servers should attempt to deliver the message.
The backup MX extends the delivery window often to 14 days but depends on the configuration.

See whether the backup MX provides an option where you can load a list of valid users for all your domains, such that it will reject all emails destined to others. The issue is that you must maintain the list as close to current as possible, i.e. update when you add a user on the primary MX.  The removal can be less frequent.
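
The valid-user list suggested in the accepted solution maps onto Postfix's `relay_recipient_maps`. The script below is an added example, not part of the original answer: it builds that map from per-domain address lists, drops `@domain` wildcard entries (which would make the server accept every recipient again), and reports relay domains that have no listed users. The function name, file path and sample addresses are assumptions.

```python
"""Build a Postfix relay_recipient_maps source file for a backup MX.

Matching main.cf settings (real Postfix parameters; the path and the
domain names are assumptions for this example):
    relay_domains = example.org, example.net
    relay_recipient_maps = hash:/etc/postfix/relay_recipients
    smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
After writing the file, run: postmap /etc/postfix/relay_recipients
"""
import re

# Requires a non-empty local part, so "@domain" wildcards never match.
ADDR = re.compile(r"^[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+)$")


def build_relay_recipients(relay_domains, addresses):
    """Return (map_text, rejected, uncovered).

    map_text  - lines for the relay_recipients file, one address per line
    rejected  - input entries dropped (malformed, wildcard, foreign domain)
    uncovered - relay domains with no listed user; once the map is non-empty
                Postfix rejects ALL mail for them, so they need a list first
    """
    domains = {d.strip().lower() for d in relay_domains}
    keep, rejected = set(), []
    for raw in addresses:
        addr = raw.strip().lower()
        match = ADDR.match(addr)
        if not match or match.group(1) not in domains:
            rejected.append(raw)
            continue
        keep.add(addr)
    covered = {a.split("@", 1)[1] for a in keep}
    uncovered = sorted(domains - covered)
    # The right-hand value is not used by Postfix; only the key matters.
    map_text = "".join(f"{a}\tOK\n" for a in sorted(keep))
    return map_text, rejected, uncovered


if __name__ == "__main__":
    # Constructed sample input, standing in for lists exported by each primary MX.
    text, rejected, uncovered = build_relay_recipients(
        ["example.org", "example.net"],
        ["Alice@Example.org", "bob@example.org", "@example.net", "eve@other.test"],
    )
    print(text, end="")
    print("dropped:", rejected)
    print("no recipient list:", uncovered)
```

With the map in place, mail for unlisted recipients is refused during the SMTP session, so the backup MX never has to generate a bounce to a forged sender.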

Author Comment

by:alexanderfoti
ID: 35081728
I see that it's just an occupational problem with running a backup MX.

I have added some spam checks into the backup MX in an attempt to try and prevent it accepting mail for invalid domains/users/etc.

Many thanks for your help.