How to stop Postfix backscattering

Hi there

I run a backup MX server, this server has recently been blacklisted for backscatter.

The problem I have is that the server accepts mail for all domains listed, regardless of user, which then forwards it on to the primary MX when it is up.

How can I prevent this server bouncing back mail adressed to users that dont exist , so as to prevent back scatter?
LVL 1
alexanderfotiAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
arnoldConnect With a Mentor Commented:
The problem with a backup MX such as the one you mention is that spammers who get their messages rejected during the SMTP session by the primary mail servers, have resorted on sending email messages to backup MXs just for this reason i.e. if the backup is not identically configured as the primary, it will take all messages and will then be forced to deliver the bounce (NDR) to the fake senders.
One option is to use SPF/DomainKeys/etc. mechanisms to 'validate' the senders' as much as possible, but because of the spamming issue, the backup MX are more trouble than they are worth.  Often as long as the primary server is not down for more than 5 to 7 days, the sending mail servers should attempt to deliver the message.
The backup MX extends the delivery window often to 14 days but depends on the configuration.

See whether the backupMX provide an option where you can load a list of valid users for all your domains, such that it will reject all emails destined to others. The issue is that you must maintain the list a close to current as possible. I.e. update when you add a user on the prmaryMX.  The removal can be less frequent.
0
 
arnoldCommented:
It depends on how the other domais are managed, do you have an LDAP or something similar to centralized domain/user acconts into which you can tie in this postfix server such that it does not accept emails destined to non-existant users?
The other option is to use the postfix as the inbound only anti-spam/virus gateway to your MX.
A bonce back message should not lead to your server beng blacklisted.
Double check that you are only accepting emails for your domains.
0
 
alexanderfotiAuthor Commented:
This is a hosted backup mx for seperately hosted domains so no way to tie into LDAP unfortunately.

There around 40 domains and I have double checked and it is 100% not an open relay.

I have read that I need to stop as much spam/false mail in the smtp transmission phase as possible but I struggle to see how other backup mx services prevent this problem from occuring.
0
 
alexanderfotiAuthor Commented:
I see that its just an occupational problem with running a backup mx.

I have added some spam checks into the backup mx in an attempt to try and prevent it accepting mail for invalid domains/users/etc

Many thanks for your help.
0
All Courses

From novice to tech pro — start learning today.