Solved

How to stop Postfix backscattering

Posted on 2011-02-23
4
853 Views
Last Modified: 2013-12-27
Hi there

I run a backup MX server, this server has recently been blacklisted for backscatter.

The problem I have is that the server accepts mail for all domains listed, regardless of user, which then forwards it on to the primary MX when it is up.

How can I prevent this server bouncing back mail adressed to users that dont exist , so as to prevent back scatter?
0
Comment
Question by:alexanderfoti
  • 2
  • 2
4 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 34965687
It depends on how the other domais are managed, do you have an LDAP or something similar to centralized domain/user acconts into which you can tie in this postfix server such that it does not accept emails destined to non-existant users?
The other option is to use the postfix as the inbound only anti-spam/virus gateway to your MX.
A bonce back message should not lead to your server beng blacklisted.
Double check that you are only accepting emails for your domains.
0
 
LVL 1

Author Comment

by:alexanderfoti
ID: 34965710
This is a hosted backup mx for seperately hosted domains so no way to tie into LDAP unfortunately.

There around 40 domains and I have double checked and it is 100% not an open relay.

I have read that I need to stop as much spam/false mail in the smtp transmission phase as possible but I struggle to see how other backup mx services prevent this problem from occuring.
0
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 34965867
The problem with a backup MX such as the one you mention is that spammers who get their messages rejected during the SMTP session by the primary mail servers, have resorted on sending email messages to backup MXs just for this reason i.e. if the backup is not identically configured as the primary, it will take all messages and will then be forced to deliver the bounce (NDR) to the fake senders.
One option is to use SPF/DomainKeys/etc. mechanisms to 'validate' the senders' as much as possible, but because of the spamming issue, the backup MX are more trouble than they are worth.  Often as long as the primary server is not down for more than 5 to 7 days, the sending mail servers should attempt to deliver the message.
The backup MX extends the delivery window often to 14 days but depends on the configuration.

See whether the backupMX provide an option where you can load a list of valid users for all your domains, such that it will reject all emails destined to others. The issue is that you must maintain the list a close to current as possible. I.e. update when you add a user on the prmaryMX.  The removal can be less frequent.
0
 
LVL 1

Author Comment

by:alexanderfoti
ID: 35081728
I see that its just an occupational problem with running a backup mx.

I have added some spam checks into the backup mx in an attempt to try and prevent it accepting mail for invalid domains/users/etc

Many thanks for your help.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this article we have discussed about the OS X EI Capitan and how to fix Wi-Fi issue in OS X El Capitan. We have explained how to delete system level preferences and create a new Wi-Fi location to resolve Wi-Fi issue.
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
This Micro Tutorial demonstrates  how Internet marketers work with competitive analysis data, and a common task in data preparation is creating separate column for domains. You will then extract from a list of URLs.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now