Postfix MTA user discussion

K bharathan | 3 Jul 10:57

backscatter

the following is the log from my gateway to a subdomain; there are lot <> sender mails are going; is it backscatter?; some are rejected on the basis of header-checks; the owner of the subdomain has got a mail server; how can i prevent this

Jul 3 10:25:28 relay2 postfix/cleanup[13619]: 60F3A2122D: reject: header Content-Type: text/plain; charset="koi8-u" from mai
lhost.council.net[195.202.154.33]; from=<> to=<pac <at> abc.com> proto=ESMTP helo=<ecenterx08.ecenter.ecenter2008>: 5.7.1 NotR
eadable2
Jul 3 10:26:04 relay2 postfix/smtp[13797]: 359D42122B: to=<pac <at> abc.com>, relay=192.168.21.12[192.168.21.12]:25, delay=0.
09, delays=0.08/0/0/0.01, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 69C482293E7)
Jul 3 10:26:04 relay2 amavis[13858]: (13858-06) Passed CLEAN, [132.208.250.43] <> -> <pac <at> abc.com>, Message-ID: <0KM700I
076NIKM00 <at> courriel2.sitel.uqam.ca>, mail_id: pvzt40i0g0xP, Hits: -2.598, size: 5216, queued_as: 359D42122B, 5242 ms
Jul 3 10:26:04 relay2 postfix/smtp[13836]: C2F6D2122A: to=<pac <at> abc.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=8.1, de
lays=2.8/0/0/5.2, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 359D42122B)

guidance appreciated

headers

kj | 3 Jul 11:23

Re: backscatter

*

K bharathan wrote:
> the following is the log from my gateway to a subdomain;  there are lot 
> <> sender mails are going; is it backscatter?;  some are rejected on the 
> basis of header-checks; the owner of the subdomain has got a mail 
> server; how can i prevent this

It becomes backscatter if the recipient server rejects the mail and 
you're stuck with it.  So the solution is simple: don't relay mail for 
someone who doesn't accept all mail from you.  Or work with them so that 
you have the same header checks and other criteria, so that your server 
will refuse to accept anything that their server will reject.

Still, on their side, if they have a relay in front of them, they should 
be accepting all mail from the relay and discard stuff they don't want, 
instead of rejecting it.

--kj

headers

kj | 3 Jul 12:03

Re: backscatter

Sorry, I misread your log. from=<> usually means a bounce of some kind - 
could be legitimate.  You'll have to see where the original mail was 
sent to, the headers in the mail will give you a clue.

--kj

headers

R Johnson | 3 Jul 11:35

Re: backscatter

*

On Fri, 2009-07-03 at 10:23 +0100, kj wrote:
> K bharathan wrote:
> > the following is the log from my gateway to a subdomain;  there are lot 
> > <> sender mails are going; is it backscatter?;  some are rejected on the 
> > basis of header-checks; the owner of the subdomain has got a mail 
> > server; how can i prevent this
> 
> It becomes backscatter if the recipient server rejects the mail and 
> you're stuck with it.  So the solution is simple: don't relay mail for 
> someone who doesn't accept all mail from you.  Or work with them so that 
> you have the same header checks and other criteria, so that your server 
> will refuse to accept anything that their server will reject.
> 
> Still, on their side, if they have a relay in front of them, they should 
> be accepting all mail from the relay and discard stuff they don't want, 
> instead of rejecting it.
> 
> --kj
What I suggest you do is set up some kind of forwarding for Postscatter
so it is sent to: wietse <at> porcupine.org. I wish everyone who suffers
Postscatter would do it. Then perhaps the ignorant retarded f&ckwit may
get the fhking message.

headers

lst_hoe02 | 4 Jul 16:19

Re: backscatter

Zitat von R Johnson <zen158416 <at> zen.co.uk>:

*

> On Fri, 2009-07-03 at 10:23 +0100, kj wrote:
>> --kj
> What I suggest you do is set up some kind of forwarding for Postscatter
> so it is sent to: wietse <at> porcupine.org. I wish everyone who suffers
> Postscatter would do it. Then perhaps the ignorant retarded f&ckwit may
> get the fhking message.
>

Another one for the kill-file....

headers

Andrew Thompson | 4 Jul 04:35

Re: backscatter

*

R Johnson wrote:
> What I suggest you do is set up some kind of forwarding for Postscatter
> so it is sent to: wietse <at> porcupine.org. I wish everyone who suffers
> Postscatter would do it. <snip>

OK, I realize there is obvious hate for Wietse in this post, so lets 
ignore that for now...

Other than hanging around and possibly multiplying in mail queues, what 
is the hate for backscatter founded in? Isn't this one of those things 
you're going to have to deal with if you run a mail server?

--

-- 
Andrew Thompson

headers

LuKreme | 5 Jul 04:46

Re: backscatter

*

On 3-Jul-2009, at 20:35, Andrew Thompson wrote:
> what is the hate for backscatter founded in?

Wait until you get hundreds of thousands of backscatter where someone  
has sent out spams with your user name as the From: address and  
helpful mail systems bounce them 'back' to you since your address is  
in the From: header. This is known as a 'joe-job' and it sucks.

Besides that, a lot of spammers sent mail out with forged from  
addresses so that if the spam isin't delivered to the To: i t might be  
delivered by some retarded mailserver to the forged From.

--

-- 
And, while it was regarded as pretty good evidence of criminality
	to be living in a slum, for some reason owning a whole street
	of them merely got you invited to the very best social
	occasions.

headers

kj | 5 Jul 15:07

Re: backscatter

*

LuKreme wrote:
> Besides that, a lot of spammers sent mail out with forged from addresses 
> so that if the spam isin't delivered to the To: i t might be delivered 
> by some retarded mailserver to the forged From.

I don't think any spammer worth his spammy salt uses a legitimate 
address - it's all forged.

--kj

headers

John Peach | 5 Jul 04:53

Re: backscatter

On Sat, 4 Jul 2009 20:46:16 -0600
LuKreme <kremels <at> kreme.com> wrote:

> On 3-Jul-2009, at 20:35, Andrew Thompson wrote:
> > what is the hate for backscatter founded in?
> 
> 
> Wait until you get hundreds of thousands of backscatter where
> someone has sent out spams with your user name as the From: address
> and helpful mail systems bounce them 'back' to you since your address
> is in the From: header. This is known as a 'joe-job' and it sucks.
> 
> Besides that, a lot of spammers sent mail out with forged from  
> addresses so that if the spam isin't delivered to the To: i t might
> be delivered by some retarded mailserver to the forged From.

http://www.backscatterer.org/?target=usage

well worth looking at
> 

--

-- 
John

headers

LuKreme | 5 Jul 04:56

Re: backscatter

*

On 4-Jul-2009, at 20:53, John Peach wrote:
> http://www.backscatterer.org/?target=usage
>
> well worth looking at

Yeah, I added that a few months ago.

--

-- 
How you have felt, o men of Athens, at hearing the speeches of m
	accusers, I cannot tell; but I know that their persuasive words
	almost made me forget who I was, such was the effect of the,;
	and yet they have hardly spoken a word of truth.

headers

Chris Babcock | 4 Jul 04:49

Re: backscatter

On Fri, 03 Jul 2009 22:35:11 -0400
Andrew Thompson <andrewkt <at> aktzero.com> wrote:

*

> Other than hanging around and possibly multiplying in mail queues,
> what is the hate for backscatter founded in? Isn't this one of those
> things you're going to have to deal with if you run a mail server?

More to the point, is there *any* valid reason to blame Postfix for any
particular flavor of backscatter? I see nothing but constant
affirmation of best practices in the design of and support for Postfix.
Even someone who runs a hobby server like I do with ~1000 mails a day
can run a safe mail server with a reasonable effort thanks to this
resource.

Don't feed the troll, but do tell me if there is any backscatter source
typical of a Postfix install that I might need to watch for.

Speaking as someone who runs an application that generates automated
mail (a play by email game server), I'm grateful for returned mail and I
take care to make sure that it goes someplace where it can be used to
stop the sorceror's apprentice from making more brooms. I hate it when
providers don't notify me when they won't deliver mail because it
doesn't give me a chance to fix the problem.

Chris Babcock
http://usak.asciiking.com

headers

Noel Jones | 4 Jul 05:39

Re: backscatter

*

Chris Babcock wrote:
> Don't feed the troll

The person who posted the incomprehensible remark about 
postscatter is no longer on the list.  Other than expressing 
his dissatisfaction in an inappropriate way, I have no idea 
what he was talking about.

Further speculation as to what he actually referred to is 
pointless.

   -- Noel Jones

headers

K bharathan | 4 Jul 07:39

Re: backscatter

i've been running this relay gateway for 2 yrs now; i'd no problems of backscatters; have got a relay_recipient table and it take care of this; also kept a check on multiple bounces from an empty envelope sender;

this particular scatter was for a customer domain and haven't kept recipient table for that domain since the customer is having their own mail server; in this situation where one has got limited control on other mail server; my intention of post was to know what other precautions can be taken on my gateway

thanks

On Sat, Jul 4, 2009 at 5:39 AM, Noel Jones <njones <at> megan.vbhcs.org> wrote:

Chris Babcock wrote:
Don't feed the troll

The person who posted the incomprehensible remark about postscatter is no longer on the list. Other than expressing his dissatisfaction in an inappropriate way, I have no idea what he was talking about.

Further speculation as to what he actually referred to is pointless.

-- Noel Jones

headers

Noel Jones | 4 Jul 16:00

Re: backscatter

*

K bharathan wrote:
> i've been running this relay gateway for 2 yrs now; i'd no problems of 
> backscatters; have got a relay_recipient table and it take care of this; 
> also kept a check on multiple bounces from an empty envelope sender;
> 
> this  particular scatter was for a customer domain and haven't kept 
> recipient table for that domain since the customer is having their own 
> mail server; in this situation where one has  got limited control on 
> other mail server; my intention of post  was to know what other 
> precautions can be taken on my gateway

Please don't top-post.

For customer domains, either require a valid recipient list, 
or use reject_unverified_recipient to let postfix build a 
recipient list for you.

Use a check_recipient_access table to limit 
reject_unverified_recipient to only the domains you don't have 
a list for.  There was a discussion about this just a day or 
two ago.

   -- Noel Jones

headers

Wietse Venema | 3 Jul 13:35

Re: backscatter

This poster is terminated. I authorize the other postfix list admins
to terminate inflammatory or otherwise inappropriate behavior on
this list.

	Wietse