Re: [courier-users] Backscatter black-listing causing problems for legitimate users

[K.R. (Randy) Lewis]

Sam Varshavchik wrote: K.R. (Randy) Lewis writes: Examining the logfiles on the smarthost ... where the un-authenticated smtp mail first arrives, I see instances where some bogus / spam / spoof crap has come in, and the server does not forward it to the user's account on the real mta.  That's the good part. Define "does not forward". Explain exactly what mechanism you employ to reject unwanted mail. Yes, apologies about that. On the front-end 'smarthost' (ahead of courier) we are using OpenBSD's 'spamd' spam deferral daemon via 'pf' (packet filter).  It's somewhat astounding to watch the 1,000's of bogus attempts to send mail into our servers through this system. Almost all (I mean 99% +) of the trapped smtp attempts are from what seem to be compromised machines.  They just never come back for a legitimate 2nd attempt to send a message since they don't do a retry after they 'Temporary Failure' thrown by 'spamd' when it GREYLISTs such machines.  Anyway, that part works great, and certainly lowers the load on the courier smarthost relay. On the other hand, if he sending system is a legitimate / properly configured estmp host - and knows all the rules - and complies - and retries a message after the GREYLIST hold off period imposed by 'spamd'; it will get relayed to the user account host(s) via the submission port (587) protected on each side by OpenBSD's 'pf' from outside intrusion.     This too works great. However, that user will wind up in the 'LIST' and subsequent emails for him will get bounced with the good old "556 Address unavailable." And, he is in the blaclklist for at least the 2 hours spec'd in the docs. That means that the mechanism you've implemented involves filtering mail after it is already accepted for delivery to the recipient, and, if rejected by your mail filter, the message gets bounced. Since the message could not be delivered to the recipient, the recipient address gets put on the suppression list. Everything works on intended. This is not considered a proper way to filter mail. The correct way to implement mail filtering is to reject unwanted mail instead of accepting it and bouncing it after the fact. Courier has several different APIs by which incoming mail can be inspected or filtered before Courier accepts mail from the remote mail server, and, if unwanted, Courier then refuses to accept the message from the remote server. Just what exact combination of backscatter settings in 'couried' and in 'bofh' (as explained in the docs.) do folks use to minimize these false blacklisting of real users? If your mail filtering is implemented ex-post-facto, no combination of settings will work correctly, and you must turn it off completely. OK, I read and re-read you comments (above), then re-visited what I'm doing on the user accounts host(s) machines. Yes, I have been filtering via a long-standing 'maildroprc' file that has served quite well, especially BEFORE we went exclusively with the really 'smart' smarthost relay system combination of OpenBSD +'spamd' + courier relay. I can now see that some of the filter rules I had in place were possibly causing a non 'ZERO' exit code due to delivery refusal into a users Maildir. Because (now) most of the offenders are being fended off on the front-end system BEFORE being relayed to the user account hosts, I have decided to remove the maildroprc processing on the end user host(s) from the equation. The only thing 'maildrop' that's happening is running message deliveries through 'spamprobe' (via $HOME/.mailfilter) and deciding which user sub-maildir gets the message. A message will go into either 'Maildir/new' or 'Maildir/.spam/new' based on its score - but it WILL get delivered. There is no non-ZERO exit code that can find its way back upstream. Hopefully this change from the previous configuration will settle things out for my trusted users. Thanks for your great work. Randy ------------------------------------------------------------------------------ SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users --

begin:vcard
fn:K. Randy Lewis
n:Lewis;K. Randy
org:RTMX Networking, LLC
adr;dom:;;PO Box 1030;Hillsborough;NC;27278
email;internet:ra...@rtmx.net
title:Save Gas --  Telecommute with RTMX !
tel;work:919 644 7869
tel;fax:919 724 4439
x-mozilla-html:TRUE
url:http://www.rtmx.net
version:2.1
end:vcard


------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you.  Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users