Jaroslaw Grzabel schrieb: > Jim Lang pisze: >> John Peach wrote: >>> On Mon, 16 Nov 2009 13:07:05 -0700 >>> Jim Lang <post...@guscreek.com> wrote: >>> >>> >>>> John Peach wrote: >>>> >>>>> On Mon, 16 Nov 2009 13:00:26 -0700 >>>>> Jim Lang <post...@guscreek.com> wrote: >>>>> >>>>> >>>>>> Wietse Venema wrote: >>>>>> >>>>>>> Jim Lang: >>>>>>> >>>>>>>> OK here is the scenario. Spammer sends mail to: >>>>>>>> u...@myclientsdomain.com from forged >>>>>>>> address vic...@randomdomain.com >>>>>>>> >>>>>>>> If u...@myclientsdomain.com is delivered locally, not a problem, >>>>>>>> if the address is invalid, postix rejects the mail during the >>>>>>>> smtp connection. >>>>>>>> >>>>>>>> But if u...@myclientsdomain.com is an alias to >>>>>>>> mycli...@otherserver.com, postfix accepts the mail as deliverable >>>>>>>> and forwards it to hotmail.com. But if >>>>>>>> mycli...@otherserver.com can for whatever reason not be >>>>>>>> delivered, otherserver.com does what it is supposed to do and >>>>>>>> rejects the mail during the smtp connection, which causes postfix >>>>>>>> to send out a non-delivery report to vic...@randomdomain.com -- >>>>>>>> backscatter. >>>>>>>> >>>>>>>> Is there a way to stop this? >>>>>>> Yes. Don't forward SPAM. >>>>>>> >>>>>>> Wietse >>>>>>> >>>>>> And how do I do that in this scenario? >>>>>> >>>>> You use recipient verification. >>>>> >>>>> >>>> I must have been really inarticulate when I wrote out the scenario. >>>> I do use recipient verification on my server. How is it that that is >>>> not clear? Do I need to rewrite this post? >>>> >>>> >>> Clearly, you are *NOT* doing recipient verification, or >>> myotherserver.com would not be rejecting it. Never accept mail which >>> cannot be delivered. >>> >> >> >> Except no 'myotherserver.com' appeared in my scenario, nimrod. >> >> otherserver.com in the scenario is a server not under my control. >> >> unsubcribing to this useless list > But server which is out of your control should not accept messages for > example to non-existant user. So if you're doing verification even > when spammer connects to your server should recieve an ansewer from > REMOTE SERVER "user not known" or something similar. I've got similar > situation as I had to smart host for a lot of domains and connection, > but let's say I know people on that remote site, or even if not I've > got any contact details like email addres so simply... I'm trying to > explain people that if they will not protect the end server I will > block them in the smart host as I can't take a risk of block. So > generally you should use reject_unverified_recipient and additionally > you can build a database... you can limit connections, check RBLs, > CBLs, there is really a lot of things but first of all you would need > to check which hosts on the other end couses a problem and find out > what you can do more to prevent spam coming through. > I know that it's impossible to block all SPAM without being too harsh, > but there is always something what you can do to prevent it. > > Regards, > Jarek This page (http://www.postfix.org/ADDRESS_VERIFICATION_README.html) looks like it describes part of your problem. Could be the solution
Regards tobi
