Re: [exim] listed at .backscatterer.org

2011-08-25 Thread Phil Pennock
On 2011-08-25 at 07:45 +0200, Jan Ingvoldstad wrote:
 On Thu, Aug 25, 2011 at 00:50, Frank Elsner frank.els...@tu-berlin.de wrote:
 
  One idea might be to send bounces and only bounces from a different
  interface/IP.
  This avoids blacklisting of the interface/IP used to send all other
  normal mail.
 
 
 That is a decent way of mitigating the risks, but I don't see how to do
 that.
 
 Do you (or anyone else, for that matter) have an example?

# after begin transports

remote_smtp:
  driver = smtp
  interface = ${if eq{$sender_address}{}{192.0.2.1}{192.0.2.2}}

(untested)

-Phil

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


Re: [exim] listed at .backscatterer.org

2011-08-24 Thread Craig Whitmore


On 25/08/11 2:36 AM, Oliver Howe ojh...@gmail.com wrote:

I don't think I should stop sending bounce backs as long as they are
legitimate (if for example somebody made a typing mistake when composing a
message).
But I do want to stop sending bounce backs to messages that didn't come
from where they say they did.


A mail server should not accept emails if it cannot deliver it  so
accepting emails for invalid users and then bouncing it is wrong.

Talk to the people who are accepting and then bouncing emails and get them
to fix their mail server.

Thanks








Re: [exim] listed at .backscatterer.org

2011-08-24 Thread Murray S. Kucherawy
 -Original Message-
 From: exim-users-boun...@exim.org [mailto:exim-users-boun...@exim.org] On 
 Behalf Of Craig Whitmore
 Sent: Wednesday, August 24, 2011 8:32 AM
 To: Oliver Howe; exim-users@exim.org
 Subject: Re: [exim] listed at .backscatterer.org
 
 A mail server should not accept emails if it cannot deliver it  so
 accepting emails for invalid users and then bouncing it is wrong.

That's a troublesome requirement.  If user validation can't be done at the 
border, or especially if there's a validation service in between the sender and 
the receiving domain, a domain has no choice but to do this.




Re: [exim] listed at .backscatterer.org

2011-08-24 Thread Frank Elsner
On Wed, 24 Aug 2011 15:36:56 +0100 Oliver Howe wrote:
 Hi,
 
 One of my mail servers has been listed at backscatterer.org
 They say they can remove me for 92 euros or I will be automatically removed
 in 4 weeks.

One idea might be to send bounces and only bounces from a different 
interface/IP.
This avoids blacklisting of the interface/IP used to send all other normal 
mail.


--Frank Elsner



Re: [exim] listed at .backscatterer.org

2011-08-24 Thread Jan Ingvoldstad
On Thu, Aug 25, 2011 at 00:50, Frank Elsner frank.els...@tu-berlin.de wrote:

 One idea might be to send bounces and only bounces from a different
 interface/IP.
 This avoids blacklisting of the interface/IP used to send all other
 normal mail.


That is a decent way of mitigating the risks, but I don't see how to do
that.

Do you (or anyone else, for that matter) have an example?
-- 
Jan


Re: [exim] listed at Backscatterer.org

2010-06-29 Thread David Woodhouse
On Mon, 2010-06-28 at 11:48 +0100, Ian Eiloart wrote:
 Well, the backscatter issue means that we have no choice but to try to do 
 that. But that's a bad thing. It would be a much better world in which we 
 were able to accept such messages, and then generate a bounce. Why? Because 
 bounce messages have the potential to be more user-friendly.

Users still won't bother to read them, and will prefer to ask a sysadmin
who will have read the words on the user's screen to them, before the
user actually understands.

 I believe that with improved email authentication (SPF, DKIM, etc), we'll 
 one day be able to revive the bounce message.

That's actually one thing that SPF _could_ be useful for. The problem
with using SPF for rejecting mail is that it can only _reliably_ say
either 'yes' or 'don't know'.

It isn't sane to use a 'don't know' answer as a criterion for rejecting
mail -- but it _is_ sane to use a 'yes' answer to decide it's OK to
accept this mail and then bounce it later if we have to.

FWIW, I wouldn't bother worrying about backscatterer.org. They
deliberately don't distinguish between real backscatter and sender
verification, even though they could easily do so by noting whether the
host attempts to enter the DATA phase or not. Any sane blacklist would
give the user the _choice_ of whether to include hosts that do sender
verification, but backscatterer.org seems to deliberately refuse to do
this in order to promote its owner's religious beliefs about callouts.

I think my hosts are frequently listed, but I've only _once_ noticed it
causing a rejection -- and in that case, the admin of the rejecting mail
server was easily persuaded to stop using backscatterer.org after the
problems with it were explained.

You can't worry about _every_ random blacklist out there run by idiots.

-- 
dwmw2
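
David Woodhouse's point above, that a list could tell sender verification from real backscatter by whether the host tries to enter the DATA phase, as an added example (not part of the original post and not code from backscatterer.org or Exim): a classifier over logged client commands. The sample sessions are constructed, the label names are this example's own, and it assumes the sessions were recorded at addresses that never send mail.

```python
import re

# Constructed sample sessions: the client commands a receiving host logged,
# in order (message bodies omitted). Hosts and addresses are reserved examples.
SAMPLE_SESSIONS = {
    "callout": ["EHLO mx.example.net", "MAIL FROM:<>",
                "RCPT TO:<alice@example.org>", "QUIT"],
    "bounce": ["EHLO mx.example.net", "MAIL FROM:<> SIZE=2048",
               "RCPT TO:<alice@example.org>", "DATA", "QUIT"],
    "callout_rset": ["HELO mx.example.net", "MAIL FROM:<>",
                     "RCPT TO:<bob@example.org>", "RSET", "QUIT"],
    "normal_mail": ["EHLO mx.example.net", "MAIL FROM:<carol@example.net>",
                    "RCPT TO:<alice@example.org>", "DATA", "QUIT"],
    # One probe followed by a genuine bounce on the same connection.
    "mixed": ["EHLO mx.example.net", "MAIL FROM:<>",
              "RCPT TO:<alice@example.org>", "RSET", "MAIL FROM:<>",
              "RCPT TO:<bob@example.org>", "DATA", "QUIT"],
    # Connection dropped after RCPT without a QUIT.
    "dropped": ["EHLO mx.example.net", "MAIL FROM:<>",
                "RCPT TO:<alice@example.org>"],
}

MAIL_RE = re.compile(r"^MAIL\s+FROM:\s*<([^>]*)>", re.IGNORECASE)


def _abandoned(sender, rcpts):
    # Null sender plus at least one RCPT, but no DATA: an address probe only.
    return "callout" if sender == "" and rcpts > 0 else "abandoned"


def classify_transactions(commands):
    """Return one label per MAIL transaction: callout, bounce, mail, abandoned."""
    labels = []
    sender = None  # None means no transaction is open
    rcpts = 0
    for line in commands:
        words = line.split(None, 1)
        verb = words[0].upper() if words else ""
        mail = MAIL_RE.match(line.strip())
        if mail:
            if sender is not None:  # previous transaction never reached DATA
                labels.append(_abandoned(sender, rcpts))
            sender, rcpts = mail.group(1), 0
        elif sender is None:
            continue  # EHLO, QUIT etc. outside any transaction
        elif verb == "RCPT":
            rcpts += 1
        elif verb in ("DATA", "BDAT"):
            # The client tried to hand over a message body.
            labels.append("bounce" if sender == "" else "mail")
            sender = None
        elif verb in ("RSET", "QUIT"):
            labels.append(_abandoned(sender, rcpts))
            sender = None
    if sender is not None:  # connection ended mid-transaction
        labels.append(_abandoned(sender, rcpts))
    return labels


def host_verdict(sessions):
    """Summarise a host: 'backscatter', 'verification-only' or 'clean'."""
    labels = [label for s in sessions for label in classify_transactions(s)]
    if "bounce" in labels:
        return "backscatter"
    if "callout" in labels:
        return "verification-only"
    return "clean"
```

A list built this way could publish the two verdicts separately and leave the choice about callout hosts to whoever queries it.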




Re: [exim] listed at Backscatterer.org

2010-06-29 Thread Ron White
On Tue, 2010-06-29 at 10:51 +0100, David Woodhouse wrote:
[snip other items for clarity]
 I think my hosts are frequently listed, but I've only _once_ noticed it
 causing a rejection -- and in that case, the admin of the rejecting mail
 server was easily persuaded to stop using backscatterer.org after the
 problems with it were explained.
 
 You can't worry about _every_ random blacklist out there run by idiots.

It is probably not fair to lump UCEProtect with the 'random blacklist
run by idiots' badge. I would agree that it can be a touch aggressive in
some instances, but on the whole it is a useful tool.

Personally I applaud them for *trying* to do something about the
backscatter issue. There really is little need for a properly set up
server to reject mail it cannot deliver after agreeing to accept it. The
only credible argument I've seen is the case of over-quota on a
non-local mail store. Even then I suspect it would be possible to hash a
simple api or helper script to check this. Quite apart from the 'digital
anti social behaviour' of accept then reject, there is the question of
overall efficiency of it. That, however, is just my own view and I
certainly don't hold the kind of qualifications of logic ability of the
master of Exim being a mere rookie with it.




Re: [exim] listed at Backscatterer.org

2010-06-29 Thread Ian Eiloart


--On 29 June 2010 10:51:00 +0100 David Woodhouse dw...@infradead.org 
wrote:

 On Mon, 2010-06-28 at 11:48 +0100, Ian Eiloart wrote:
 Well, the backscatter issue means that we have no choice but to try to
 do  that. But that's a bad thing. It would be a much better world in
 which we  were able to accept such messages, and then generate a bounce.
 Why? Because  bounce messages have the potential to be more
 user-friendly.

 Users still won't bother to read them, and will prefer to ask a sysadmin
 who will have read the words on the user's screen to them, before the
 user actually understands.

Well, that will often be the case. I'm just saying that a bounce message 
has more chance of conveying useful information if it's created by the 
receiving server than the sending server. Why? Because the best the sending 
server can do is try to interpret the SMTP (enhanced?) error code, and wrap 
the SMTP error text.

Even if this just makes life easier for the admin, then that's progress.

-- 
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/





Re: [exim] listed at Backscatterer.org

2010-06-29 Thread Jethro R Binks
On Tue, 29 Jun 2010, Ian Eiloart wrote:

 --On 29 June 2010 10:51:00 +0100 David Woodhouse dw...@infradead.org 
 wrote:
 
  Users still won't bother to read them, and will prefer to ask a sysadmin
  who will have read the words on the user's screen to them, before the
  user actually understands.

Some of those users have no interest in hearing the sysadmin read the 
words to them or having an understanding of what they mean; they are 
showing them to the sysadmin purely so that he'll do something to make the 
problem go away.

 Well, that will often be the case. I'm just saying that a bounce message 
 has more chance of conveying useful information if it's created by the 
 receiving server than the sending server. Why? Because the best the 
 sending server can do is try to interpret the SMTP (enhanced?) error 
 code, and wrap the SMTP error text.

Not to mention that if you issue multi-line rejection messages, you may 
find that the sender receives back an error report with one of:

1. all of your carefully crafted lines;

2. the first line;

3. the last line; or

4. none of them, and to boot, an incorrect or misleading error message 
resulting from invalid assumptions by the sending server.

Jethro.

.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK



Re: [exim] listed at Backscatterer.org

2010-06-29 Thread David Woodhouse
On Tue, 2010-06-29 at 12:52 +0100, Jethro R Binks wrote:
 On Tue, 29 Jun 2010, Ian Eiloart wrote:
 
  --On 29 June 2010 10:51:00 +0100 David Woodhouse dw...@infradead.org 
  wrote:
  
   Users still won't bother to read them, and will prefer to ask a sysadmin
   who will have read the words on the user's screen to them, before the
   user actually understands.
 
 Some of those users have no interest in hearing the sysadmin read the 
 words to them or having an understanding of what they mean; they are 
 showing them to the sysadmin purely so that he'll do something to make the 
 problem go away.

It's often a problem which is entirely outside the realm of the local
sysadmin, though. It's almost always the _remote_ server which is
failing to accept the mail.

Occasionally that might be because of a local problem, such as being on
a blacklist or lacking reverse DNS, that the local sysadmin can deal
with. Mostly it's not though.

  Well, that will often be the case. I'm just saying that a bounce message 
  has more chance of conveying useful information if it's created by the 
  receiving server than the sending server. Why? Because the best the 
  sending server can do is try to interpret the SMTP (enhanced?) error 
  code, and wrap the SMTP error text.
 
 Not to mention that if you issue multi-line rejection messages, you may 
 find that the sender receives back an error report with one of:
 
 1. all of your carefully crafted lines;
 
 2. the first line;
 
 3. the last line; or
 
 4. none of them, and to boot, an incorrect or misleading error message 
 resulting from invalid assumptions by the sending server.

In cases 2-4, I suppose it _is_ correct for the users to bug their
sysadmin, until such time as he/she fixes the mail server so that it
_does_ correctly cite the SMTP error.

-- 
dwmw2
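
The multi-line case Jethro Binks lists and David Woodhouse replies to, as an added example that is not part of either post: parsing a complete multi-line SMTP reply (RFC 5321 format, with optional enhanced status codes) so that a sending server can cite every line. The sample reply is constructed, and the "first" and "last" strategies exist only to show what cases 2 and 3 lose.

```python
import re

# Constructed sample: a three-line rejection as it appears on the wire.
SAMPLE_REPLY = (
    "550-5.7.1 Message rejected by example.org policy.\r\n"
    "550-5.7.1 The sending host has no reverse DNS.\r\n"
    "550 5.7.1 See https://example.org/postmaster for help.\r\n"
)

# "550-text" continues the reply, "550 text" (or a bare "550") ends it.
REPLY_LINE = re.compile(r"^(\d{3})(?:([ -])(.*))?$")
# Enhanced status code, repeated at the start of each line's text.
ENHANCED = re.compile(r"^([245]\.\d{1,3}\.\d{1,3})(?:\s+|$)")


def parse_reply(raw):
    """Parse one complete SMTP reply into code, enhanced code and text lines."""
    lines = raw.replace("\r\n", "\n").rstrip("\n").split("\n")
    code, enhanced, text = None, None, []
    for index, line in enumerate(lines):
        match = REPLY_LINE.match(line)
        if not match:
            raise ValueError("not an SMTP reply line: %r" % line)
        this_code, sep, rest = match.group(1), match.group(2), match.group(3) or ""
        if code is None:
            code = this_code
        elif this_code != code:
            raise ValueError("reply code changed inside a multi-line reply")
        # Only the last line may lack the hyphen; anything else means the
        # reply was truncated or two replies were run together.
        is_final = sep != "-"
        if is_final != (index == len(lines) - 1):
            raise ValueError("continuation marker does not match line position")
        status = ENHANCED.match(rest)
        if status:
            enhanced = enhanced or status.group(1)
            rest = rest[status.end():]
        text.append(rest)
    return {"code": int(code), "enhanced": enhanced, "text": text}


def render(reply, strategy="all"):
    """Build the error text a bounce would show, keeping all/first/last line."""
    picked = {
        "all": reply["text"],
        "first": reply["text"][:1],
        "last": reply["text"][-1:],
    }[strategy]
    prefix = str(reply["code"])
    if reply["enhanced"]:
        prefix += " " + reply["enhanced"]
    return (prefix + " " + " ".join(picked)).strip()
```

Joining the lines with spaces is this example's choice of presentation; the point is that every line of the reply reaches the report.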




Re: [exim] listed at Backscatterer.org

2010-06-29 Thread Jethro R Binks
On Tue, 29 Jun 2010, David Woodhouse wrote:

   --On 29 June 2010 10:51:00 +0100 David Woodhouse dw...@infradead.org 
   wrote:
   
Users still won't bother to read them, and will prefer to ask a sysadmin
who will have read the words on the user's screen to them, before the
user actually understands.
  
  Some of those users have no interest in hearing the sysadmin read the 
  words to them or having an understanding of what they mean; they are 
  showing them to the sysadmin purely so that he'll do something to make the 
  problem go away.
 
 It's often a problem which is entirely outside the realm of the local 
 sysadmin, though. It's almost always the _remote_ server which is 
 failing to accept the mail.
 
 Occasionally that might be because of a local problem, such as being on 
 a blacklist or lacking reverse DNS, that the local sysadmin can deal 
 with. Mostly it's not though.

Oh of course, you and I know that, but the end user often doesn't.  The 
sysadmin is employed to fix things, so once he's been shown the problem, 
he's expected to toddle off and make the problem go away.  Even when he 
can't.  (He'll probably get lumbered with the job of trying to find out 
from the recipient site why the message wasn't rejected, or maybe he'll 
take the cheap way out and tell the user to email from Google instead).

  1. all of your carefully crafted lines;
  2. the first line;
  3. the last line; or
  4. none of them, and to boot, an incorrect or misleading error message 
  resulting from invalid assumptions by the sending server.
 
 In cases 2-4, I suppose it _is_ correct for the users to bug their 
 sysadmin, until such time as he/she fixes the mail server so that it 
 _does_ correctly cite the SMTP error.

Yeah, when I receive such reports forwarded from sites having problems 
sending to us, showing me only a partial of the multi-line response, I 
always point out that the sending server is broken in not showing the 
whole of the (helpful, informative) message.  It doesn't do much good in 
most cases though, as often times these are (yes, broken) commercial 
products over which the sysadmin has no influence.  It is easy for us to 
say replace it with something that works, but when that might cost 
money, time, resource or skill that they don't have, they'll stick with 
what they have that mostly works, and grumble at end sites that cause 
them problems.

In our community, we generally uphold values of correctness and 
strictness reasonably highly, but that often doesn't play out in other 
organisations and with vendors.

Jethro.

.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK



Re: [exim] listed at Backscatterer.org

2010-06-29 Thread Ian Eiloart


--On 29 June 2010 13:24:28 +0100 David Woodhouse dw...@infradead.org 
wrote:

 On Tue, 2010-06-29 at 12:52 +0100, Jethro R Binks wrote:
 On Tue, 29 Jun 2010, Ian Eiloart wrote:

  --On 29 June 2010 10:51:00 +0100 David Woodhouse dw...@infradead.org
  wrote:
 
   Users still won't bother to read them, and will prefer to ask a
   sysadmin who will have read the words on the user's screen to them,
   before the user actually understands.

 Some of those users have no interest in hearing the sysadmin read the
 words to them or having an understanding of what they mean; they are
 showing them to the sysadmin purely so that he'll do something to make
 the  problem go away.

 It's often a problem which is entirely outside the realm of the local
 sysadmin, though. It's almost always the _remote_ server which is
 failing to accept the mail.

 Occasionally that might be because of a local problem, such as being on
 a blacklist or lacking reverse DNS, that the local sysadmin can deal
 with. Mostly it's not though.


In our case, when we're failing to accept the mail, it's almost always 
because the sending server is misconfigured.


  Well, that will often be the case. I'm just saying that a bounce
  message  has more chance of conveying useful information if it's
  created by the  receiving server than the sending server. Why? Because
  the best the  sending server can do is try to interpret the SMTP
  (enhanced?) error  code, and wrap the SMTP error text.

 Not to mention that if you issue multi-line rejection messages, you may
 find that the sender receives back an error report with one of:

 1. all of your carefully crafted lines;

 2. the first line;

 3. the last line; or

 4. none of them, and to boot, an incorrect or misleading error message
 resulting from invalid assumptions by the sending server.

 In cases 2-4, I suppose it _is_ correct for the users to bug their
 sysadmin, until such time as he/she fixes the mail server so that it
 _does_ correctly cite the SMTP error.

 --
 dwmw2



-- 
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/





Re: [exim] listed at Backscatterer.org

2010-06-29 Thread Grant Peel
- Original Message - 
From: Phil Pennock exim-us...@spodhuis.org
To: Grant Peel gp...@thenetnow.com
Cc: exim-users@exim.org
Sent: Monday, June 28, 2010 5:32 PM
Subject: Re: [exim] listed at Backscatterer.org


 On 2010-06-28 at 16:43 -0400, Grant Peel wrote:
 I have been researching and tinkering to no avail on the backscatter
 issue. Trying to make sure I am not the source, or the recipient of
 backscatter. backscatterer.org has not helped as occasionally my server 
 have
 been listed.

 I am attaching a copy of my configure script hoping someone might 
 have
 some suggestions as to how to curb/eliminate backscatter.

 Missing verify = recipient for +spf_bypass case.

 -Phil




Thanks for the feedback Phil,

Does the rest of the config look sane to you?

-Grant 





Re: [exim] listed at Backscatterer.org

2010-06-29 Thread Matt
 Is it not possible to have an ACL check for over-quota and reject
 at SMTP time? I don't use Quotas myself, so I've not looked into
 it.

 Potentially difficult if your mailstore is a separate IMAP server,
 eg Cyrus, Dovecot.  But would you want to do this?  Surely
 over-quota should be treated as a temporary failure.  Maybe you'd
 want to accept the message and hope the user clears the problem so
 the message can be delivered.

95 percent of the time over quota does not clear itself up.  It's
usually users that have their client setup to 'leave a copy of all
messages on server' for eternity.  They usually do not understand the
warning message that tells them clearly they have reached 90 percent
of their mail quota either.  But to be fair most cannot be expected
to understand they just want it to work.

Matt



Re: [exim] listed at Backscatterer.org

2010-06-29 Thread Phil Pennock
On 2010-06-29 at 16:07 -0400, Grant Peel wrote:
 Does the rest of the config look sane to you?

I only skimmed it briefly and am not going to have time for this any
time soon, sorry.



Re: [exim] listed at Backscatterer.org

2010-06-29 Thread Grant Peel
OK, Thanks Phil :-)

- Original Message - 
From: Phil Pennock exim-us...@spodhuis.org
To: Grant Peel gp...@thenetnow.com
Cc: exim-users@exim.org
Sent: Tuesday, June 29, 2010 5:13 PM
Subject: Re: [exim] listed at Backscatterer.org


 On 2010-06-29 at 16:07 -0400, Grant Peel wrote:
 Does the rest of the config look sane to you?
 
 I only skimmed it briefly and am not going to have time for this any
 time soon, sorry.




Re: [exim] listed at Backscatterer.org

2010-06-28 Thread Ian Eiloart


--On 25 June 2010 13:56:12 +0100 Ron White exim...@riotm.co.uk wrote:

 On Fri, 2010-06-25 at 11:28 +0100, Ian Eiloart wrote:
 --On 24 June 2010 09:43:40 + Kebba Foon kebba.f...@qcell.gm wrote:

 
  Backscatterer - Why it is abusive and how to stop your system doing so
 
  Email servers should be configured to provide Non-Delivery Reports
  (bounces) to local users only.
  Unacceptable email from anywhere else should be rejected.
 

 This is silly advice. It should be quite acceptable to bounce email that
 has an SPF pass, or that has a valid DKIM signature (provided the return
 path domain matches a signed From header domain). In both cases, if
 you're  creating collateral spam, then that's the fault of the domain
 operator.

 There is probably a bit of a translation issue there as backscatter.org
 is part of Dirk  Claus 'UCEProtect' stable of blocklists.

 My personal opinion is you should never accept mail that you cannot
 deliver to a user and in such a scenario it should be rejected at SMTP
 time - not after a 250 is given and (any/the) MTA decides it does not
 want it for whatever reason. Exim is very flexible and its brilliant
 ACL's can pretty much reduce backscatter to zero if configured
 correctly.

Well, the backscatter issue means that we have no choice but to try to do 
that. But that's a bad thing. It would be a much better world in which we 
were able to accept such messages, and then generate a bounce. Why? Because 
bounce messages have the potential to be more user-friendly.

I believe that with improved email authentication (SPF, DKIM, etc), we'll 
one day be able to revive the bounce message.


-- 
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/





Re: [exim] listed at Backscatterer.org

2010-06-28 Thread Grant Peel
- Original Message - 
From: Ian Eiloart i...@sussex.ac.uk
To: exim...@riotm.co.uk
Cc: exim-users@exim.org
Sent: Monday, June 28, 2010 6:48 AM
Subject: Re: [exim] listed at Backscatterer.org




 --On 25 June 2010 13:56:12 +0100 Ron White exim...@riotm.co.uk wrote:

 On Fri, 2010-06-25 at 11:28 +0100, Ian Eiloart wrote:
 --On 24 June 2010 09:43:40 + Kebba Foon kebba.f...@qcell.gm wrote:

 
  Backscatterer - Why it is abusive and how to stop your system doing so
 
  Email servers should be configured to provide Non-Delivery Reports
  (bounces) to local users only.
  Unacceptable email from anywhere else should be rejected.
 

 This is silly advice. It should be quite acceptable to bounce email that
 has an SPF pass, or that has a valid DKIM signature (provided the return
 path domain matches a signed From header domain). In both cases, if
 you're  creating collateral spam, then that's the fault of the domain
 operator.

 There is probably a bit of a translation issue there as backscatter.org
 is part of Dirk  Claus 'UCEProtect' stable of blocklists.

 My personal opinion is you should never accept mail that you cannot
 deliver to a user and in such a scenario it should be rejected at SMTP
 time - not after a 250 is given and (any/the) MTA decides it does not
 want it for whatever reason. Exim is very flexible and its brilliant
 ACL's can pretty much reduce backscatter to zero if configured
 correctly.

 Well, the backscatter issue means that we have no choice but to try to do
 that. But that's a bad thing. It would be a much better world in which we
 were able to accept such messages, and then generate a bounce. Why? 
 Because
 bounce messages have the potential to be more user-friendly.

 I believe that with improved email authentication (SPF, DKIM, etc), we'll
 one day be able to revive the bounce message.


 -- 
 Ian Eiloart
 IT Services, University of Sussex
 01273-873148 x3148
 For new support requests, see http://www.sussex.ac.uk/its/help/






Hi all,

I was happy to see someone else start this thread :-)

I have been researching and tinkering to no avail on the backscatter 
issue. Trying to make sure I am not the source, or the recipient of 
backscatter. backscatterer.org has not helped as occasionally my server have 
been listed.

I am attaching a copy of my configure script hoping someone might have 
some suggestions as to how to curb/eliminate backscatter.

My server is a virtual setup, domains listed in /etc/domains, real unix 
user mapped to domains through /etc/domains_users, virtual users (for each 
domain) listed in a password file in /etc/virtual/domain/passwd, aliases 
listed in /home/domain/mail/aliases. The server is still sending mail 
through the base server name (FQDNS)

Also, feel free to critique the whole config:

##
#MAIN CONFIGURATION SETTINGS #
##
primary_hostname = mydomain
domainlist relay_to_domains =
domainlist local_domains = /etc/virtual/domains
domainlist filtered_domains = /etc/virtual/filtered_domains
hostlist filtering_hosts = /etc/virtual/filtering_hosts
hostlist relay_from_hosts = /etc/virtual/domains
hostlist blacklisted_domains = /etc/virtual/blacklist
hostlist spf_bypass = /etc/virtual/spf_bypass
hostlist whitelist = /etc/virtual/whitelist
acl_smtp_rcpt = acl_check_rcpt
trusted_users = mailnull:root:webmail:www
exim_user = mailnull
exim_group = mail
never_users =
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 5s
ignore_bounce_errors_after = 0s
timeout_frozen_after = 0s
auto_thaw = 6h
return_path_remove
untrusted_set_sender = *
helo_allow_chars = _
daemon_smtp_ports = 25 : 109 : 587
bounce_message_file = /usr/local/etc/exim/bounce_message_file
warn_message_file = /usr/local/etc/exim/warn_message_file
return_size_limit = 1
bounce_return_message = true
bounce_return_size_limit = 1000
delay_warning = 72h
smtp_accept_max = 100
smtp_accept_max_per_host = 10
smtp_return_error_details = yes
log_selector = +incoming_interface +deliver_time +delivery_size +received_sender \
+received_recipients +sender_on_delivery +subject +address_rewrite +all_parents
# log_selector = +all
message_logs = false


#
# My Attempt at greylisting
#

hide mysql_servers = localhost/exim_db/exim_db/passwd:

GREYLIST_TEST = SELECT IF(NOW() > block_expires, 2, 1) \
FROM exim_greylist \
WHERE relay_ip = '${quote_mysql:$sender_host_address}' \
AND from_domain = '${quote_mysql:$sender_address_domain}' \
AND record_expires > NOW()

GREYLIST_ADD  = INSERT INTO exim_greylist \
SET relay_ip = '${quote_mysql:$sender_host_address

Re: [exim] listed at Backscatterer.org

2010-06-28 Thread Phil Pennock
On 2010-06-28 at 16:43 -0400, Grant Peel wrote:
 I have been researching and tinkering to no avail on the backscatter 
 issue. Trying to make sure I am not the source, or the recipient of 
 backscatter. backscatterer.org has not helped as occasionally my server have 
 been listed.
 
 I am attaching a copy of my configure script hoping someone might have 
 some suggestions as to how to curb/eliminate backscatter.

Missing verify = recipient for +spf_bypass case.

-Phil



Re: [exim] listed at Backscatterer.org

2010-06-25 Thread Ian Eiloart


--On 24 June 2010 09:43:40 + Kebba Foon kebba.f...@qcell.gm wrote:


 Backscatterer - Why it is abusive and how to stop your system doing so

 Email servers should be configured to provide Non-Delivery Reports
 (bounces) to local users only.
 Unacceptable email from anywhere else should be rejected.


This is silly advice. It should be quite acceptable to bounce email that 
has an SPF pass, or that has a valid DKIM signature (provided the return 
path domain matches a signed From header domain). In both cases, if you're 
creating collateral spam, then that's the fault of the domain operator.


-- 
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/





Re: [exim] listed at Backscatterer.org

2010-06-25 Thread Ron White
On Fri, 2010-06-25 at 11:28 +0100, Ian Eiloart wrote:
 --On 24 June 2010 09:43:40 + Kebba Foon kebba.f...@qcell.gm wrote:
 
 
  Backscatterer - Why it is abusive and how to stop your system doing so
 
  Email servers should be configured to provide Non-Delivery Reports
  (bounces) to local users only.
  Unacceptable email from anywhere else should be rejected.
 
 
 This is silly advice. It should be quite acceptable to bounce email that 
 has an SPF pass, or that has a valid DKIM signature (provided the return 
 path domain matches a signed From header domain). In both cases, if you're 
 creating collateral spam, then that's the fault of the domain operator.
 
There is probably a bit of a translation issue there as backscatter.org
is part of Dirk  Claus 'UCEProtect' stable of blocklists.

My personal opinion is you should never accept mail that you cannot
deliver to a user and in such a scenario it should be rejected at SMTP
time - not after a 250 is given and (any/the) MTA decides it does not
want it for whatever reason. Exim is very flexible and its brilliant
ACL's can pretty much reduce backscatter to zero if configured
correctly.

I agree that if something passes an SPF check then a 'bounce' after a
250 should not be a serious issue, but again accepting stuff you can't
deliver is generally a bad plan.

With backscatter.org it is quite possible to get listed for doing
callouts (particular sender verification checks) and even
auto-responders if someone maliciously spoofs the mail from, and
spammers know it, so use them with care :-)




Re: [exim] listed at Backscatterer.org

2010-06-25 Thread Lena
 From: Kebba Foon

 recently i found out that some of
 the ip's i allow relay for are infected and send a lot of mails with fake
 sender addresses

The bounces/backscatter is because a lot of these mails are to
nonexistent recipient addresses (spammers' lists contain a lot of
nonexistent addresses). So, infected IPs can be automatically blocked:

LIM = 100
PERIOD = 1h
WARNTO = ab...@qanet.gm
EXIMBINARY = /usr/local/sbin/exim
SHELL = /bin/sh
...
acl_check_rcpt:
...
  # hold mail from relay hosts that are already listed in blocked_users
  accept hosts = +relay_from_hosts
         set acl_m_user = $sender_host_address
         # or userid from RADIUS if IPs are assigned dynamically
         condition = ${if exists{$spool_directory/blocked_users}}
         condition = ${if eq{${lookup{$acl_m_user}lsearch\
                     {$spool_directory/blocked_users}{1}{0}}}{1}}
         control = freeze/no_tell
         add_header = X-User: $acl_m_user

  # LIM invalid recipients within PERIOD: record the host, mail WARNTO, freeze
  accept hosts = +relay_from_hosts
         !verify = recipient/defer_ok/callout=10s,defer_ok,use_sender
         ratelimit = LIM / PERIOD / per_rcpt / user-$acl_m_user
         continue = ${run{SHELL -c "echo $acl_m_user \
            >>$spool_directory/blocked_users; \
            \N{\N echo Subject: user $acl_m_user blocked; echo; echo because \
            has sent mail to LIM invalid recipients during PERIOD.; \
            \N}\N | EXIMBINARY WARNTO"}}
         control = freeze/no_tell
         add_header = X-User: $acl_m_user

  accept hosts = +relay_from_hosts
         control = submission/domain=

After you get the notification, you look up the frozen messages
in the queue (using exipick). If that's spam, you make the user
disinfect the machine, exact the fine (according to contract), and
after that you delete the line with the userid from the blocked_users file
and delete the frozen spam using exipick.

If you relay from authenticated users then the approach is similar:

  # hold mail from authenticated users already listed in blocked_users
  accept authenticated = *
         set acl_m_user = $authenticated_id
         # in case of mailboxes in /var/mail: ${sg{$authenticated_id}{\N\W.*$\N}{}}
         condition = ${if exists{$spool_directory/blocked_users}}
         condition = ${if eq{${lookup{$acl_m_user}lsearch\
                     {$spool_directory/blocked_users}{1}{0}}}{1}}
         control = freeze/no_tell
         add_header = X-Authenticated-As: $acl_m_user

  # LIM invalid recipients within PERIOD: record the user, mail WARNTO, freeze
  accept authenticated = *
         !verify = recipient/defer_ok/callout=10s,defer_ok,use_sender
         ratelimit = LIM / PERIOD / per_rcpt / user-$acl_m_user
         continue = ${run{SHELL -c "echo $acl_m_user \
            >>$spool_directory/blocked_users; \
            \N{\N echo Subject: user $acl_m_user blocked; echo; echo because \
            has sent mail to LIM invalid recipients during PERIOD.; \
            \N}\N | EXIMBINARY WARNTO"}}
         control = freeze/no_tell
         add_header = X-Authenticated-As: $acl_m_user

  accept authenticated = *
         control = submission/domain=



Re: [exim] listed at Backscatterer.org

2010-06-25 Thread Matt
 My mail server has been listed at backscatterer.org, and on their site
 they suggested that I should only send bounces to local users but I don't
 know how to implement this in Exim. Recently I found out that some of
 the IPs I allow relay for are infected and send a lot of mails with fake
 sender addresses. Is there a way in Exim that I can allow only senders
 with local + accepted domains to relay mails from my mail server? E.g.
 that I allow a u...@my-domains.tld from 1.2.3.4 to relay through my
 server but u...@strange-domains.tld from 1.2.3.4 not relay or send any
 mails. This will really help me as now what I normally do is block the
 SMTP for the specific IP sending those spams, which affects any legitimate
 emails. I really need help on these two problems. Here is an example from
 the Backscatterer website.

 Backscatterer - Why it is abusive and how to stop your system doing so

 Email servers should be configured to provide Non-Delivery Reports
 (bounces) to local users only.
 Unacceptable email from anywhere else should be rejected.


When my email server was getting listed it was due to over-quota
accounts generating bounces.  In the end I wrote a Perl script that
creates a list of over-quota email addresses every 5 minutes and
rejects at SMTP time rather than creating the bounce.

Matt



Re: [exim] listed at Backscatterer.org

2010-06-25 Thread Ron White
On Fri, 2010-06-25 at 09:50 -0500, Matt wrote:
  My mail server has been listed at backscatterer.org, and on their site
  they suggested that I should only send bounces to local users but I don't
  know how to implement this in Exim. Recently I found out that some of
  the IPs I allow relay for are infected and send a lot of mails with fake
  sender addresses. Is there a way in Exim that I can allow only senders
  with local + accepted domains to relay mails from my mail server? E.g.
  that I allow a u...@my-domains.tld from 1.2.3.4 to relay through my
  server but u...@strange-domains.tld from 1.2.3.4 not relay or send any
  mails. This will really help me as now what I normally do is block the
  SMTP for the specific IP sending those spams, which affects any legitimate
  emails. I really need help on these two problems. Here is an example from
  the Backscatterer website.
 
  Backscatterer - Why it is abusive and how to stop your system doing so
 
  Email servers should be configured to provide Non-Delivery Reports
  (bounces) to local users only.
  Unacceptable email from anywhere else should be rejected.
 
 
 When my email server was getting listed it was due to over-quota
 accounts generating bounces.  In the end I wrote a Perl script that
 creates a list of over-quota email addresses every 5 minutes and
 rejects at SMTP time rather than creating the bounce.
 
 Matt
 
Is it not possible to have an ACL check for over-quota and reject at
SMTP time? I don't use Quotas myself, so I've not looked into it.




Re: [exim] listed at Backscatterer.org

2010-06-25 Thread Dennis Davis
On Fri, 25 Jun 2010, Ron White wrote:

 From: Ron White exim...@riotm.co.uk
 Cc: exim-users@exim.org
 Date: Fri, 25 Jun 2010 17:02:18
 Subject: Re: [exim] listed at Backscatterer.org

...

 Is it not possible to have an ACL check for over-quota and reject
 at SMTP time? I don't use Quotas myself, so I've not looked into
 it.

Potentially difficult if your mailstore is a separate IMAP server,
eg Cyrus, Dovecot.  But would you want to do this?  Surely
over-quota should be treated as a temporary failure.  Maybe you'd
want to accept the message and hope the user clears the problem so
the message can be delivered.
-- 
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
d.h.da...@bath.ac.uk   Phone: +44 1225 386101

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
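
An added example, not written by any poster in this thread: one way to express the two points made in the messages above in an Exim RCPT ACL, refusing unknown recipients during the SMTP session and answering over-quota mailboxes with a temporary failure instead of accepting and bouncing later. The macro OVERQUOTA_LIST, its path and the job that maintains the file are assumptions; local_domains and relay_to_domains are the domain lists named in Exim's default configuration.

```exim
# Added example (not from the thread). OVERQUOTA_LIST and its path are
# assumptions: a plain file with one over-quota address per line, rebuilt
# periodically by a job outside Exim (the role of the Perl script Matt
# describes).
OVERQUOTA_LIST = /etc/exim/overquota

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:

  # ... accept statements for relay hosts / authenticated users go here ...

  # Refuse anything this server neither hosts nor relays for.
  require message = relay not permitted
          domains = +local_domains : +relay_to_domains

  # Unknown recipient: 5xx during the SMTP session. The sending MTA still
  # holds the message and reports the failure to its own user, so this
  # server never generates a bounce to a possibly forged envelope sender.
  require verify  = recipient

  # Over quota: 4xx temporary failure. The sending MTA queues and retries,
  # which gives the user time to clear the mailbox. Nothing has been
  # accepted, so this server cannot produce a late bounce for it.
  defer   message = mailbox for $local_part@$domain is over quota, please retry later
          domains = +local_domains
          condition = ${if exists{OVERQUOTA_LIST}}
          condition = ${lookup{$local_part@$domain}lsearch{OVERQUOTA_LIST}{yes}{no}}

  accept
```

The `verify = recipient` check only knows what Exim's routers can determine; when the mailstore is a separate server, as in the Cyrus/Dovecot case mentioned above, the list file (or a callout) has to carry that knowledge to the front-end.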


Re: [exim] listed at Backscatterer.org

2010-06-25 Thread Ron White
On Fri, 2010-06-25 at 17:54 +0100, Dennis Davis wrote:
 On Fri, 25 Jun 2010, Ron White wrote:
 
  From: Ron White exim...@riotm.co.uk
  Cc: exim-users@exim.org
  Date: Fri, 25 Jun 2010 17:02:18
  Subject: Re: [exim] listed at Backscatterer.org
 
 ...
 
  Is it not possible to have an ACL check for over-quota and reject
  at SMTP time? I don't use Quotas myself, so I've not looked into
  it.
 
 Potentially difficult if your mailstore is a separate IMAP server,
 eg Cyrus, Dovecot.  But would you want to do this?  Surely
 over-quota should be treated as a temporary failure.  Maybe you'd
 want to accept the message and hope the user clears the problem so
 the message can be delivered.
 -- 

Of course. I had not sat and thought about it.

