From: Randy on
Stan Hoeppner wrote:
> Randy put forth on 3/24/2010 3:55 PM:
>
>
>> dig -x 208.43.143.111
>> ;; ANSWER SECTION:
>> 111.143.43.208.in-addr.arpa. 3600 IN PTR 208.43.143.111-static.reverse.softlayer.com.
>>
>
> Your problem isn't the Exchange server per se. Your problem is that you're
> forwarding spam to it, and its anti-spam software is better than that on
> your Postfix server, which causes the backscatter. Almost any mail coming
> to you from Softlayer IP space is going to be spam, most likely snowshoe.
> Softlayer is a generic ISP/COLO outfit with tons of resellers and terrible
> (nonexistent) customer vetting. They have few, if any, legit email sending
> customers. As you can see I've extensively SMTP blocked Softlayer over the
> years. I suggest you do the same.
>
> # Softlayer, Dallas 10/10/2008
> 66.228.112.0/20 REJECT
> 67.228.0.0/16 REJECT
> 74.86.0.0/16 REJECT
> 208.43.0.0/16 REJECT
> 174.36.0.0/15 REJECT
> 75.126.0.0/16 REJECT
> 173.192.0.0/15 REJECT
>
> Beef up the anti spam capabilities on your Postfix server and this problem
> will go away. Either that or tell the Exchange admin to silently
> drop/discard/eat the spam instead of rejecting it back upstream. The former
> is the preferable route, the latter the lazy route.
>
>
Agreed that most if not all is spam; however, I do not want to accept
the mail, period, much less accept it, then scan/mark it and then drop
it. The reason I mark spam then drop into a specified user's folder is so
that a user can review as needed. In fact, we send out reminders to users
to look through their spam folders for these false positives. Also, it
appears that Exchange is rejecting the mail and not accepting, scanning
then bouncing. It appears that Exchange uses some other criteria to
check sender domain or that it does additional checks and simply
rejects with that message. I do realize that I could set up something
where we accept the mail to these domains, scan it then drop the email
if it is tagged as spam. What about the mail that passes the content
scanning? And what happens when this particular mail gets through and
they send 1 million? Is it not better to drop/reject mail at the smtpd
level, which would free resources and not allow specifically crafted mail
to even enter the content filter?

I think I have come to the conclusion that I need to contact their ISP
and ask that they turn these checks off and allow us to filter as
necessary. However, I would still like to reject before we send it over
to the spam software, as it appears Exchange has the means to catch these
and Postfix does not, or I cannot find a setting.

From: "martijn.list" on
Randy wrote:
> It appears that Exchange uses some other criteria to
> check sender domain or that it does additional checks and simply
> rejects with that message. I do realize that I could set up something
> where we accept the mail to these domains, scan it then drop the email
> if it is tagged as spam. What about the mail that passes the content
> scanning? And what happens when this particular mail gets through and
> they send 1 million?

Perhaps I misunderstand your problem but wouldn't using
"expand_owner_alias" solve your problem?

You said you are forwarding email to some users. The 'problem' with
forwarding is that the original envelope sender is used and any bounce
will therefore be delivered to the original sender. Why don't you set
an owner alias for all forwarded email with the alias set to the spam
account of the forwarder user? If the email is not accepted by the
external server you are forwarding to, the email will be bounced to the
spam box of the forwarded user and not to the original sender.

Kind regards,

Martijn Brinkers

--
Djigzo open source email encryption