On 9/7/2010 2:32 AM, Jan-Frode Myklebust wrote:
On Mon, Sep 06, 2010 at 06:29:28PM -0500, Noel Jones wrote:
I fail to see how controlling your users From: addresses will affect
a backscatterer.org listing.
I'm thinking we can accept sending some backscatter to our own
customers, at least as long as it's authenticated backscatter and we can
stop the abuser. We just want to avoid sending backscatter out of our
networks.
That's crazy talk.
Do you have any other suggestions/pointers to what the real problem is?
Don't accept mail you don't intend to deliver, and don't annoy
other sysadmins or remote users. Specifically:
- reject unknown recipients for your local/virtual/relay
domains during the SMTP transaction. Do not accept everything
and later bounce the undeliverables.
- If you do spam and/or virus filtering, either do the
filtering pre-queue so you can reject unwanted mail during
SMTP, or accept+tag or quarantine unwanted mail. Never bounce
unwanted mail back to the reported (forged) sender address.
- Do not use the postfix "reject_unverified_sender" setting
unless you are a very low volume site or you make arrangements
to severely limit the scope of addresses that are verified.
Many sysadmins view verification probes as abusive -- it can
appear to be a dictionary attack.
-- Noel Jones
