postfix-users October 2010 archive

RE: Fighting Backscatter

From: Steve Jenkins <steve_at_nospam>
Date: Fri Oct 15 2010 - 19:47:31 GMT
To: "'Wietse Venema'" <wietse@porcupine.org>

Hi, Wietse. Thanks for the speedy reply. I'm a big fan of Postfix, so first
of all, thank you for developing such a great product. I cringe thinking
about the days when I used to have to run Sendmail (shudder).

Ok... so let me see if I understand what is happening on my server.

1) SpamCo forges a message from innocent@victim.com and sends it to
myaunt@familyname.com

2) My server (familyname.com) accepts the message because myaunt@familyname
is a valid recipient that appears in my virtual aliases file, then forwards
the message (based on the info in that virtual aliases file) to my aunt's
actual email address of auntiemildredloveskitties@cox.net

3) Cox.net rejects the mail because it's SPAM and sends it back to the
spoofed "sender": innocent@victim.com, basically saying "your message to
myaunt@familyname.com was rejected because of xyz reason"

4) Innocent@victim.com's mail server receives the rejection from the ISP and
then reports the IP of familyname.com as a backscatterer.

Question 1) Is that an accurate representation of what is probably
happening?

Question 2) Isn't the ISP in step 3 truly responsible for the backscatter? I
was an innocent "middleman" and my Postfix did what it was supposed to do:
forwarded a message sent to a valid address on my system.

Question 3) Why can't my Aunt rely on her ISP's SPAM filters in step 3? I'm
just trying to be a friendly family member and provide everyone a
"permanent" email address of theirname@familyname.com. I don't want to
administer a SPAM filter on my server and deal with everyone's complaints
about false positives. I want to set up my mail server so that it rejects
the most obviously misconfigured senders, but I'd prefer to leave SPAM
filtering up to the individual family members. My dad, for example, has his
alias forwarded to a gmail account, which is a great spam filter for his
needs.

Question 4) Any suggestions for an elegant solution? I want to be a
responsible mail server admin, but I also don't want to simply tell everyone
in my family that I can no longer forward their @familyname.com mail to the
accounts of their choice - many of them have relied on these email addresses
since I got the domain in 1996.

Thanks in advance,

Steve

-----Original Message-----
From: Wietse Venema [mailto:wietse@porcupine.org]
Sent: Friday, October 15, 2010 12:13 PM
To: Steve Jenkins
Cc: Postfix users
Subject: Re: Fighting Backscatter

Steve Jenkins:
> There are a few entries in there that seem to match the "<>" bill, but I'm
> not sure I'm understanding what they're saying, or even what I should be
> looking for to troubleshoot.
>
> For some background, this is my personal server that I run my family's mail
> on. There are a few local IMAP/POP accounts for my immediate family members
> (they are also allowed to relay mail using SMTP-AUTH), but most of the valid
> destination addresses on this box are virtual aliases that forward
> "firstname@familyname.com" to everyone's respective gmail, aol, cox.net
> addresses, etc.

If you forward spam, then it will be rejected, and that is when
Postfix starts sending spam back to innocent people.

        Wietse
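
Added example, not part of the thread and not Postfix project code: a log check that links each refused forward to the null-sender ("<>") bounce the forwarding server then sends to an outside address, which is the sequence Wietse describes. The log lines are constructed samples in standard Postfix syslog format, `find_backscatter` is a hypothetical name, and classic short hex queue IDs are assumed.

```python
import re

# Constructed sample Postfix log lines (not from the thread). Queue IDs, hosts and
# reply texts are made up; the addresses are the ones used in the message above.
SAMPLE_LOG = """\
Oct 15 12:00:01 mx postfix/qmgr[900]: A1B2C3D4E5: from=<innocent@victim.com>, size=2048, nrcpt=1 (queue active)
Oct 15 12:00:03 mx postfix/smtp[901]: A1B2C3D4E5: to=<auntiemildredloveskitties@cox.net>, orig_to=<myaunt@familyname.com>, relay=mx.example.net[192.0.2.10]:25, delay=2, status=bounced (host mx.example.net[192.0.2.10] said: 550 rejected as spam (in reply to end of DATA command))
Oct 15 12:00:03 mx postfix/bounce[902]: A1B2C3D4E5: sender non-delivery notification: F6E5D4C3B2
Oct 15 12:00:03 mx postfix/qmgr[900]: F6E5D4C3B2: from=<>, size=4096, nrcpt=1 (queue active)
Oct 15 12:00:05 mx postfix/smtp[901]: F6E5D4C3B2: to=<innocent@victim.com>, relay=mail.example.org[198.51.100.7]:25, delay=2, status=sent (250 ok)
Oct 15 12:05:00 mx postfix/qmgr[900]: 0A0B0C0D0E: from=<dad@example.com>, size=1000, nrcpt=1 (queue active)
Oct 15 12:05:02 mx postfix/smtp[901]: 0A0B0C0D0E: to=<dad@gmail.com>, orig_to=<dad@familyname.com>, relay=mx2.example.net[192.0.2.20]:25, delay=2, status=sent (250 ok)
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)")

def find_backscatter(log, local_domains):
    """Return one record per bounce this server generated for a refused
    forward and delivered to an address outside local_domains."""
    rejected = {}         # queue id -> (alias, forward target) of refused forwards
    dsn_of = {}           # bounce queue id -> queue id of the message it reports on
    null_sender, hits = set(), []
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "smtp" and "status=bounced" in rest:
            fwd = re.search(r"to=<([^>]*)>, orig_to=<([^>]*)>", rest)
            if fwd:       # orig_to is present only when an alias rewrote the recipient
                rejected[qid] = (fwd.group(2), fwd.group(1))
        elif daemon == "bounce":
            n = re.search(r"sender non-delivery notification: ([0-9A-F]+)", rest)
            if n:
                dsn_of[n.group(1)] = qid
        elif daemon == "qmgr" and rest.startswith("from=<>"):
            null_sender.add(qid)
        elif daemon == "smtp" and qid in null_sender and dsn_of.get(qid) in rejected:
            to = re.match(r"to=<([^>]*)>", rest)
            if to and to.group(1).rsplit("@", 1)[-1].lower() not in local_domains:
                alias, target = rejected[dsn_of[qid]]
                hits.append({"dsn_to": to.group(1), "alias": alias, "forwarded_to": target})
    return hits
```

Each record names the alias whose forward was refused, so the aliases that most often produce outbound bounces stand out.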