Avoid creating backscatter on a Postfix forwarding server



I run a Postfix server that hosts a small, alias-based mailing list. Let's say people@myserver forwards to alice@someprovider and bob@someotherprovider. Now, alice@someprovider might use a more restrictive spam filter than I do.

When a spam mail from (forged) backscattervictim@somewhere to people@myserver arrives, and my spam filter detects it as spam, it is rejected in the SMTP phase --> no harm done.

However, when the same mail gets through my server, my server tries to forward it to alice, and her server rejects it during the SMTP phase, my server creates a bounce message to the innocent backscatter victim. (Which makes sense from the point of view of my server, but it's annoying for the backscatter victim.)

Is there a way to prevent this behavior? I don't want to turn off NDRs, since (in general) they serve a legitimate purpose.

email postfix spam email-bounces

asked Jan 25 '11 at 10:52 by Heinzi

2 Answers

If it isn't flagged as spam, but alice rejects the mail, I can't see a way for your Postfix server to not bounce the mail back to the victim, without turning off NDRs :(

Perhaps if alice marked that mail as spam somewhere in the header back to you?

answered Jan 25 '11 at 11:06 by atx

• Alice didn't mark the mail as spam, as it was not accepted during SMTP dialog. The mail wasn't delivered to Alice. But you are right that there is no solution for that. – mailq, Jun 9 '11 at 13:19

• I'm having this problem... mail is being forwarded to a Google address, and Google will reject a message as spam, and they mostly get stuck in my mailq because the return-path email doesn't actually exist. (meanwhile, Yahoo has blacklisted my server for all of these backscatter emails). Is there a way in Postfix to just drop a message if Google says it's spam, but not if it's some other problem? – Jay K, Jun 4 '13 at 15:03
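
To see how much backscatter a forwarder like the one in the question actually produces, the mail log can be correlated per queue ID. The following is an added example, not part of the original posts; the log lines are constructed, the `.example` domains and queue IDs are placeholders, and treating enhanced status 5.7.x as a policy/spam rejection is the assumption used to separate the two cases Jay K asks about.

```python
import re

# Constructed Postfix syslog lines (not real traffic). Addresses reuse the
# question's placeholders with ".example" appended; queue IDs are made up.
SAMPLE_LOG = """\
Jan 25 10:51:59 mx postfix/qmgr[901]: 4A1B2C3D4E: from=<backscattervictim@somewhere.example>, size=2048, nrcpt=2 (queue active)
Jan 25 10:52:01 mx postfix/smtp[1201]: 4A1B2C3D4E: to=<alice@someprovider.example>, orig_to=<people@myserver.example>, relay=mx.someprovider.example[192.0.2.10]:25, delay=2.1, dsn=5.7.1, status=bounced (host mx.someprovider.example[192.0.2.10] said: 550 5.7.1 Rejected as spam (in reply to end of DATA command))
Jan 25 10:52:01 mx postfix/smtp[1202]: 4A1B2C3D4E: to=<bob@someotherprovider.example>, orig_to=<people@myserver.example>, relay=mx.someotherprovider.example[192.0.2.20]:25, delay=2.0, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jan 25 10:52:02 mx postfix/bounce[1203]: 4A1B2C3D4E: sender non-delivery notification: 5F6A7B8C9D
Jan 25 11:03:10 mx postfix/qmgr[901]: 7C8D9E0F1A: from=<carol@myserver.example>, size=900, nrcpt=1 (queue active)
Jan 25 11:03:11 mx postfix/smtp[1210]: 7C8D9E0F1A: to=<dave@someprovider.example>, relay=mx.someprovider.example[192.0.2.10]:25, delay=0.9, dsn=5.1.1, status=bounced (host mx.someprovider.example[192.0.2.10] said: 550 5.1.1 User unknown (in reply to RCPT TO command))
Jan 25 11:03:11 mx postfix/bounce[1211]: 7C8D9E0F1A: sender non-delivery notification: 0A1B2C3D4F
Jan 25 11:20:40 mx postfix/qmgr[901]: 9E8D7C6B5A: from=<friend@elsewhere.example>, size=1500, nrcpt=1 (queue active)
Jan 25 11:20:42 mx postfix/smtp[1220]: 9E8D7C6B5A: to=<alice@someprovider.example>, orig_to=<people@myserver.example>, relay=mx.someprovider.example[192.0.2.10]:25, delay=1.8, dsn=5.2.2, status=bounced (host mx.someprovider.example[192.0.2.10] said: 552 5.2.2 Mailbox full (in reply to RCPT TO command))
Jan 25 11:20:42 mx postfix/bounce[1221]: 9E8D7C6B5A: sender non-delivery notification: 1B2C3D4E5F
"""

LINE = re.compile(r"postfix/[\w-]+\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)$")
FROM = re.compile(r"^from=<(?P<sender>[^>]*)>")
BOUNCED = re.compile(
    r"^to=<(?P<rcpt>[^>]*)>,(?: orig_to=<(?P<orig>[^>]*)>,)?"
    r" .*?dsn=(?P<dsn>\d\.\d+\.\d+), status=bounced"
)
NDR_MARK = "sender non-delivery notification"


def domain(addr):
    return addr.rpartition("@")[2].lower()


def backscatter_candidates(log_text, local_domains):
    """Return forwarded deliveries whose remote rejection made this server
    send an NDR to a sender outside local_domains."""
    msgs = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        msg = msgs.setdefault(m["qid"], {"sender": None, "bounced": [], "ndr": False})
        rest = m["rest"]
        if (f := FROM.match(rest)):
            msg["sender"] = f["sender"]
        elif (b := BOUNCED.match(rest)):
            msg["bounced"].append((b["rcpt"], b["orig"], b["dsn"]))
        elif rest.startswith(NDR_MARK):
            msg["ndr"] = True

    hits = []
    for qid, msg in msgs.items():
        sender = msg["sender"]
        # No NDR, null sender, or an NDR that stays on-site: not backscatter.
        if not msg["ndr"] or not sender or domain(sender) in local_domains:
            continue
        for rcpt, orig, dsn in msg["bounced"]:
            if orig is None:        # orig_to is logged only for rewritten (aliased) recipients
                continue
            hits.append({
                "qid": qid,
                "ndr_to": sender,
                "alias": orig,
                "rejected_by": domain(rcpt),
                "dsn": dsn,
                # Assumption: 5.7.x (security/policy status) marks a spam/policy reject.
                "reason": "policy" if dsn.startswith("5.7.") else "other",
            })
    return hits


if __name__ == "__main__":
    for hit in backscatter_candidates(SAMPLE_LOG, {"myserver.example"}):
        print(hit)
```

Entries with reason "policy" are the ones where the NDR most likely went to a forged sender; carol's bounce is skipped because the notification goes back to a local user.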
















Instead of discarding bounces completely, it is possible to intercept all outgoing NDRs and redirect them to a single mailbox instead of discarding them.

In /etc/postfix/main.cf:

    header_checks = regexp:/etc/postfix/header_checks
    # Also apply header_checks to mail Postfix generates itself
    # (bounces and postmaster notifications)
    internal_mail_filter_classes = bounce,notify

In /etc/postfix/header_checks:

    # Send anything whose From: header starts with MAILER-DAEMON to one mailbox
    /^From: MAILER-DAEMON.*/ REDIRECT someuser+bounces@youmailbox.net

This means all bounces will go to a single mailbox which may be a good enough compromise between discarding and sending NDRs out for small sites with few users.

Ideally you would do this for only NDRs to non-local users but I don't think that's possible with header_checks alone.

answered 7 mins ago by Chris McCormick
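
The scope of that rule can be checked offline before deploying it. The following is an added example, not code from the answer or from Postfix: a simplified Python stand-in for per-header matching, run over constructed messages, showing that the rule also catches NDRs addressed to local users and NDRs arriving from other servers. The helper names, the `.example` domains and the `wanted_decision` function (the "only non-local" behaviour the answer calls ideal) are assumptions for illustration.

```python
import re

# The answer's /etc/postfix/header_checks rule as (pattern, action).
# Postfix regexp: tables match case-insensitively by default.
RULES = [
    (re.compile(r"^From: MAILER-DAEMON.*", re.IGNORECASE),
     "REDIRECT someuser+bounces@youmailbox.net"),
]


def logical_headers(raw):
    """Split the header block into logical headers, joining folded lines.
    Simplified stand-in for what Postfix hands to header_checks."""
    headers = []
    for line in raw.splitlines():
        if not line.strip():
            break                          # blank line ends the header block
        if line[0] in " \t" and headers:
            headers[-1] += " " + line.strip()
        else:
            headers.append(line)
    return headers


def header_checks_action(raw):
    """The first rule matching any single header decides; a rule never
    sees two headers at once."""
    for header in logical_headers(raw):
        for pattern, action in RULES:
            if pattern.search(header):
                return action
    return None


def wanted_decision(raw, local_domains):
    """Redirect only NDRs addressed off-site. This needs From: and To:
    together, which a per-header table cannot express."""
    fields = dict(h.split(":", 1) for h in logical_headers(raw) if ":" in h)
    is_ndr = fields.get("From", "").strip().upper().startswith("MAILER-DAEMON")
    to_domain = fields.get("To", "").strip().strip("<>").rpartition("@")[2].lower()
    return is_ndr and to_domain not in local_domains


def ndr(from_host, to_addr):
    """Build a constructed NDR in the form Postfix uses for its From: header."""
    return (f"From: MAILER-DAEMON@{from_host} (Mail Delivery System)\n"
            f"To: {to_addr}\n"
            "Subject: Undelivered Mail Returned to Sender\n\nbody\n")


# Constructed sample messages.
NDR_TO_REMOTE = ndr("myserver.example", "backscattervictim@somewhere.example")
NDR_TO_LOCAL = ndr("myserver.example", "carol@myserver.example")
REMOTE_NDR_IN = ndr("mx.elsewhere.example", "carol@myserver.example")
ORDINARY = ("From: Dave <dave@elsewhere.example>\n"
            "Subject: Re: MAILER-DAEMON message\n\nhi\n")

if __name__ == "__main__":
    local = {"myserver.example"}
    for name in ("NDR_TO_REMOTE", "NDR_TO_LOCAL", "REMOTE_NDR_IN", "ORDINARY"):
        msg = globals()[name]
        print(name, header_checks_action(msg), wanted_decision(msg, local))
```

On a real server, `postmap -q "From: MAILER-DAEMON@myserver.example" regexp:/etc/postfix/header_checks` tests a single header line against the installed table.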





























