Travel

Categories

How to avoid Backscatter in Sendmail

Taken from http://elqui.dcsc.utfsm.cl/util/email/backscatter.html

Your MX servers should reject email for unknown users at the SMTP initial transaction and NOT forward them to internal SMTP servers without a “user check”.

  • Step1: In MX SERVER, add these 4 lines to your “.mc” file in the right place..
    FEATURE(access_db, hash -T<TMPF> /etc/mail/access)dnl
    FEATURE(`blacklist_recipients’)dnl
    define(`VIRTUSER_TABLE’, `hash -o /etc/mail/virtusertable’)dnl
    VIRTUSER_DOMAIN_FILE(`/etc/mail/virtuserdomain’)dnl

  • Step2: In MX SERVER, put YOUR internal valid domains in /etc/mail/virtuserdomain
    #
    example.com
    my.org

  • Step3: In MX SERVER, add these lines to your “access” file (/etc/mail/access):
    ——————-insert into access file—————————–
    # list of internal domains that have their own servers
    # and you do not serve them. Your server only receives email
    # from them.
    # equal to “internal domains that you receive email via MX”
    From:marketing.my.org         OK
    From:marketing.example.com    OK

    ######################
    # Reject Forgery – Not requiered for Backscattering
    ######################
    # FOR TEST USE: /usr/lib/sendmail -bt
    # check_mail <valid.user@example.com> –> ACCESS DENIED
    From:example.com      REJECT
    # check_mail <valid.user@my.org> –> ACCESS DENIED
    From:my.org           REJECT

    ######################
    ## Reject Backscatter….
    # reject unknown recipients, because SPAMMERS
    # use this to spam other domains through bounces
    # messages (user unknown).
    #
    ##############################################
    # general rejection strings
    To:example.com     error:5.1.1:”550 User unknown”
    To:my.org          error:5.1.1:”550 User unknown”
    #
    ################################################
    # List ALL valid internal EMAIL addresses
    # If not listed here, sender server will get a “550 User unknown”
    # you should use a shell script to help you build
    # this list each time you create a user.
    #
    To:john.doe@example.com    RELAY
    To:jane.joe@my.org         RELAY
    To:postmaster@example.com  RELAY
    etc…
    ——————-end inserto into access—————————–
  • Step4: In MX SERVER, regenerate your “sendmail.cf” and re-makemap your “access” database

  • Step5: In MX SERVER, TEST the configuration using an external IP address (in this example 200.89.70.8 mx.uchile.cl):$ /usr/lib/sendmail -bt -d21.4
    .D{client_addr}200.89.70.8
    .D{client_name}mx.uchile.cl

    check_rcpt <john.doe@example.com>
    # should produce a —> RELAY

    check_rcpt <user.notexist@example.com>
    # should produce a —> “550 User unknown

2 comments to How to avoid Backscatter in Sendmail

  • Djs

    I am getting backscatter to valid addresses only.

    If I have AUTH implemented and the receiving MX is the final mailserver, will this configuration help with the backscatter targeted at valid addresses?

    Thanks,
    D.

  • As far as I know, AUTH is used to authenticate the sender, not the receiver so you can’t use AUTH in this case.

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

  

  

  

WP-Highlight