LinuxQuestions.org
Old 08-05-2010, 08:01 PM   #1
SteveJenkins
LQ Newbie
 
Registered: Nov 2009
Distribution: CentOS
Posts: 18

Rep: Reputation: 0
Preventing Backscatter with Postfix


I have Googled and searched dozens of forums and mailing list archives for a couple days now, and I haven't found a straightforward answer to what is REALLY required in a Postfix main.cf file to stop backscatter.

A couple of our servers are still being flagged as sending backscatter. Is it possible to send a bounce message these days without it being considered backscatter?

I keep adding suggested "fixes" to my main.cf file, but Backscatterer.org still says we're doing it.

Here's my postconf -n output:

Code:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
local_recipient_maps = unix:passwd.byname $alias_maps
mydestination = $myhostname, localhost.$mydomain, localhost, localhost.localdomain, $mydomain
mynetworks = 127.0.0.0/8
myorigin = xxxxxxxxx.com
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_data_restrictions =
     reject_unauth_pipelining,
     permit
smtpd_recipient_restrictions =
     reject_invalid_hostname,
     reject_non_fqdn_hostname,
     reject_non_fqdn_sender,
     reject_non_fqdn_recipient,
     reject_unlisted_recipient,
     reject_unknown_sender_domain,
     reject_unknown_recipient_domain,
     permit_mynetworks,
     reject_unauth_destination,
     permit
smtpd_reject_unlisted_recipient = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
Am I missing something and/or have stuff in there I don't need? I'm at my wits' end!

EDIT: Backscatterer.org gave me a timestamp for the last time my server reportedly offended, and this is the matching entry in my maillog:

Code:
Aug  4 12:06:35 zork postfix/smtp[1966]: 4EE011080EA: to=<tod7shigeo@acanthuscaput.com>, relay=mail.acanthuscaput.com[69.30.193.210]:25, delay=17478, delays=17299/0.01/23/156, dsn=5.0.0, status=bounced (host mail.acanthuscaput.com[69.30.193.210] said: 554 We don't take bounces from systems listed at BACKSCATTERER.ORG (in reply to DATA command))
A grep of the maillog for any line that includes that email address showed:

Code:
Aug  4 07:15:17 zork dkimproxy.in[24014]: DKIM verify - none; message-id=<e53801cb33de$1b1a2359$bc68ffa7@acanthuscaput.com>, from=<tod7shigeo@acanthuscaput.com> 
Aug  4 07:15:18 zork postfix/qmgr[21673]: E7C3E107E57: from=<tod7shigeo@acanthuscaput.com>, size=3546, nrcpt=1 (queue active)
Aug  4 07:15:48 zork postfix/smtp[17610]: 4EE011080EA: to=<tod7shigeo@acanthuscaput.com>, relay=none, delay=30, delays=0/0/30/0, dsn=4.4.1, status=deferred (connect to mail.acanthuscaput.com[69.30.193.210]: Connection timed out)
Aug  4 07:37:33 zork postfix/smtp[18959]: 4EE011080EA: to=<tod7shigeo@acanthuscaput.com>, relay=none, delay=1335, delays=1299/0.01/36/0, dsn=4.4.1, status=deferred (connect to mail.acanthuscaput.com[69.30.193.210]: Connection timed out)
Aug  4 08:10:48 zork postfix/smtp[20889]: 4EE011080EA: to=<tod7shigeo@acanthuscaput.com>, relay=none, delay=3330, delays=3299/0.02/31/0, dsn=4.4.1, status=deferred (connect to mail.acanthuscaput.com[69.30.193.210]: Connection timed out)
Aug  4 09:17:33 zork postfix/smtp[24742]: 4EE011080EA: to=<tod7shigeo@acanthuscaput.com>, relay=none, delay=7336, delays=7300/0.03/36/0, dsn=4.4.1, status=deferred (connect to mail.acanthuscaput.com[69.30.193.210]: Connection timed out)
Aug  4 10:40:57 zork postfix/smtp[29543]: 4EE011080EA: to=<tod7shigeo@acanthuscaput.com>, relay=none, delay=12340, delays=12299/0.03/41/0, dsn=4.4.1, status=deferred (connect to mail.acanthuscaput.com[69.30.193.210]: Connection timed out)
Aug  4 12:06:35 zork postfix/smtp[1966]: 4EE011080EA: to=<tod7shigeo@acanthuscaput.com>, relay=mail.acanthuscaput.com[69.30.193.210]:25, delay=17478, delays=17299/0.01/23/156, dsn=5.0.0, status=bounced (host mail.acanthuscaput.com[69.30.193.210] said: 554 We don't take bounces from systems listed at BACKSCATTERER.ORG (in reply to DATA command))

Last edited by SteveJenkins; 08-05-2010 at 08:16 PM.
 
Old 08-06-2010, 07:21 PM   #2
SteveJenkins
LQ Newbie
 
Registered: Nov 2009
Distribution: CentOS
Posts: 18

Original Poster
Rep: Reputation: 0
80+ views and no ideas? I'm running Postfix 2.3.3, btw.

I've read all the FAQs on the Postfix site (but most seem a little outdated).

Any nudges in the right direction would be appreciated.
 
Old 08-06-2010, 10:36 PM   #3
jamrock
Member
 
Registered: Jan 2003
Location: Kingston, Jamaica
Posts: 444

Rep: Reputation: 41
Quote:
Is it possible to send a bounce message these days without it being considered backscatter?
Are you accepting the messages and then bouncing them?

Are you rejecting the messages without accepting them?

Quote:
smtpd_data_restrictions =
reject_unauth_pipelining,
permit
smtpd_recipient_restrictions =
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unlisted_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
permit_mynetworks,
reject_unauth_destination,
permit
smtpd_reject_unlisted_recipient = yes
Why do you need these settings?

Last edited by jamrock; 08-06-2010 at 11:49 PM.
 
Old 08-29-2010, 07:29 PM   #4
SteveJenkins
LQ Newbie
 
Registered: Nov 2009
Distribution: CentOS
Posts: 18

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by jamrock
Are you accepting the messages and then bouncing them? Are you rejecting the messages without accepting them?
Frankly, I have no idea. That's why I pasted in those lines from the mail log. What SHOULD it be doing to properly prevent backscatter?

Quote:
Originally Posted by jamrock
Why do you need these settings?
I saw them in a post that suggested they be there to help stop backscatter (http://www.linuxquestions.org/questi...roblem-724444/). But it seems there's a whole lot of voodoo when it comes to this subject, and very few people are able to give some definitive answers. I'm really hoping for some shoves in the right direction.

Last edited by SteveJenkins; 08-29-2010 at 07:36 PM.
 
Old 08-29-2010, 10:41 PM   #5
jamrock
Member
 
Registered: Jan 2003
Location: Kingston, Jamaica
Posts: 444

Rep: Reputation: 41
I am not an expert on this. However, I will tell you what I understand.

Mail servers receive a lot of spam. Spammers often use forged addresses when they send email.

You can either:

reject these messages
accept them, then bounce them.

If you reject them, they will not end up in your mail queue.

If you accept them then bounce them, you create backscatter. This happens because you are trying to bounce mail to addresses that do not exist.

http://www.postfix.org/BACKSCATTER_README.html

From what I understand, Postfix rejects unknown recipients by default.

http://www.postfix.org/LOCAL_RECIPIENT_README.html

I would start by finding out why this is not happening on your server.

Can you set up a test server? I would start by commenting out the following and testing the results:

Quote:
local_recipient_maps = unix:passwd.byname $alias_maps
The comments in the main.cf suggest that the default value is sufficient.

Quote:
smtpd_data_restrictions =
reject_unauth_pipelining,
permit
smtpd_recipient_restrictions =
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unlisted_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
permit_mynetworks,
reject_unauth_destination,
permit
smtpd_reject_unlisted_recipient = yes
I hope this helps.

You may also find this document useful
http://www.postfix.org/BASIC_CONFIGURATION_README.html

Last edited by jamrock; 08-29-2010 at 11:07 PM.
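
The following is an added example, not code from any participant in this thread. It reads a Postfix maillog and separates the two cases described in post #5: mail refused during the SMTP dialogue (NOQUEUE reject lines) and mail that was accepted, then bounced to a remote host as a null-sender notification. The log lines, host name, queue IDs and addresses are constructed, and the function name analyze is hypothetical.

```python
import re

# Constructed sample maillog (hypothetical host, queue IDs and addresses).
SAMPLE_LOG = """\
Aug  4 07:15:17 mx postfix/smtpd[100]: A1B2C3D4E5: client=unknown[203.0.113.9]
Aug  4 07:15:18 mx postfix/qmgr[200]: A1B2C3D4E5: from=<forged@victim.example>, size=3546, nrcpt=1 (queue active)
Aug  4 07:15:18 mx postfix/local[300]: A1B2C3D4E5: to=<nosuchuser@mydomain.example>, relay=local, delay=0.5, dsn=5.1.1, status=bounced (unknown user: "nosuchuser")
Aug  4 07:15:18 mx postfix/bounce[400]: A1B2C3D4E5: sender non-delivery notification: F6E5D4C3B2
Aug  4 07:15:18 mx postfix/qmgr[200]: F6E5D4C3B2: from=<>, size=5200, nrcpt=1 (queue active)
Aug  4 07:15:48 mx postfix/smtp[500]: F6E5D4C3B2: to=<forged@victim.example>, relay=none, delay=30, dsn=4.4.1, status=deferred (connect to mail.victim.example[198.51.100.7]: Connection timed out)
Aug  4 07:37:33 mx postfix/smtp[501]: F6E5D4C3B2: to=<forged@victim.example>, relay=mail.victim.example[198.51.100.7]:25, delay=1335, dsn=2.0.0, status=sent (250 ok)
Aug  4 07:40:00 mx postfix/smtpd[100]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 550 5.1.1 <nosuchuser@mydomain.example>: Recipient address rejected: User unknown in local recipient table; from=<forged@victim.example> to=<nosuchuser@mydomain.example> proto=ESMTP helo=<x.example>
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}|NOQUEUE): (.*)")

def analyze(log_text):
    """Return (bounces_sent_out, rcpt_rejects) for a Postfix maillog."""
    parent, sender, out, rejects = {}, {}, {}, 0
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if qid == "NOQUEUE":
            # Refused during the SMTP dialogue: nothing queued, no bounce.
            rejects += rest.startswith("reject: RCPT")
        elif daemon == "bounce" and "non-delivery notification: " in rest:
            # Links the new bounce message to the mail that failed.
            parent[rest.rsplit(": ", 1)[1].strip()] = qid
        elif daemon == "qmgr" and (f := re.match(r"from=<([^>]*)>", rest)):
            sender[qid] = f.group(1)
        elif daemon == "smtp" and sender.get(qid) == "" and \
                (d := re.search(r"to=<([^>]*)>.*status=(\w+)", rest)):
            # Null-sender mail leaving via the smtp client: an outbound bounce.
            orig = parent.get(qid)
            out[qid] = {"bounce_qid": qid, "to": d.group(1),
                        "status": d.group(2),  # last delivery attempt wins
                        "original_qid": orig,
                        "original_sender": sender.get(orig)}
    return list(out.values()), rejects

if __name__ == "__main__":
    bounces, rejects = analyze(SAMPLE_LOG)
    for b in bounces:
        print(b)
    print("RCPT-time rejects:", rejects)
```

Each entry in the first list is a notification this server generated and handed to another host; the second value counts recipients refused before any message was queued.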
 
Old 08-30-2010, 12:19 AM   #6
SteveJenkins
LQ Newbie
 
Registered: Nov 2009
Distribution: CentOS
Posts: 18

Original Poster
Rep: Reputation: 0
I appreciate the reply Jamrock (especially since nobody else has!) but I was hoping for a bit more guidance than "RTFM." I have read all those things, and the myriad posts by others having these same problems, and there seem to be very few experts who can speak with any authority as to why it's happening. From what I can see on the tests we're running, we're rejecting the mail instead of bouncing it. But we're STILL ending up in backscatter reports.
 
Old 08-30-2010, 06:50 AM   #7
jamrock
Member
 
Registered: Jan 2003
Location: Kingston, Jamaica
Posts: 444

Rep: Reputation: 41
Quote:
Originally Posted by SteveJenkins
and there seem to be very few experts who can speak with any authority as to why it's happening.
I suspect that is so because it is not the norm. Postfix rejects unknown recipients by default. If you make only the changes in the basic configuration document it doesn't happen.

Quote:
Originally Posted by SteveJenkins
From what I can see on the tests we're running, we're rejecting the mail instead of bouncing it. But we're STILL ending up in backscatter reports.
Can you post the logs showing the mail being rejected?
 
  


All times are GMT -5.