[BlueOnyx:26337] Re: Backscatter / user not found bounce

Michael Stauber mstauber at blueonyx.it
Sun Jul 2 12:57:00 -05 2023


Hi Colin,

> We are having issues with spammers sending thousands of emails to non-existent users on our hosted domains and our BX server then bouncing them as "554 5.5.1 Error: no valid recipients" and our IP consequently getting blacklisted for backscatter.
> 
> Microsoft hate us now – Hotmail etc. and block all email from our subnet! :-/
> 
> 5210R
> 
> Is there any practical way to stop “no valid recipient” email being sent out from the server?

Let us take a look at the source of the problem:

A SPAM-sender connects from a dial-up IP or botnet or a hacked server to 
your MTA and claims to be someone he isn't. Like whatever at hotmail.com. 
And he then tries to send email to a non-existing user on your end.

This can cause backscatter, as the non-delivery-notice is delivered to 
the claimed (but faked) whatever at hotmail.com sender address.

For legitimate emails you want non-delivery-notice to inform a 
legitimate sender that he's not getting through.

How to defeat backscatter in case of faked sender addresses?

Here are three recommendations:

1.) Switch to Postfix in the GUI

     This has stricter sender verification checks.

2.) Enable and configure SPF and switch it to "Sign & Verify" mode

     This checks the SPF records of sender domains and if the sender's
     IP is not within the SPF records published by say hotmail.com, then
     the email will be rejected at the MTA w/o bounce and NDN.

To really prevent any bounces from ever leaving your server and going 
somewhere you don't want them to go? This can be done via Postfix.

Edit /usr/sausalito/bin/custom-postfix-confgen.sh and at the bottom add 
these lines:

postconf -e 'bounce_notice_recipient = <your_email_address>'
postconf -e '2bounce_notice_recipient = <your_email_address>'

Be sure to change <your_email_address> to a valid email address which 
you want all bounces to go to.

Then restart Postfix and you should be good to go:

systemctl restart postfix

-- 
With best regards

Michael Stauber
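
One way to check whether non-delivery notices are still leaving the server after the changes described above, as an added example that is not part of the original post: it separates recipients refused during the SMTP session (no bounce generated) from NDNs that Postfix created and handed to a remote relay. It assumes stock Postfix syslog line formats; the sample log lines, host names and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in stock Postfix syslog format (not from a real server).
SAMPLE_LOG = """\
Jul  2 12:00:01 bx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <nobody@example.com>: Recipient address rejected: User unknown in local recipient table; from=<whatever@hotmail.example> to=<nobody@example.com> proto=ESMTP helo=<pc>
Jul  2 12:00:05 bx postfix/smtpd[2101]: 4A1B2C3D4E: client=unknown[203.0.113.7]
Jul  2 12:00:05 bx postfix/qmgr[900]: 4A1B2C3D4E: from=<whatever@hotmail.example>, size=2048, nrcpt=1 (queue active)
Jul  2 12:00:06 bx postfix/local[2110]: 4A1B2C3D4E: to=<ghost@example.com>, relay=local, delay=0.1, dsn=5.1.1, status=bounced (unknown user: "ghost")
Jul  2 12:00:06 bx postfix/bounce[2111]: 4A1B2C3D4E: sender non-delivery notification: 5F6A7B8C9D
Jul  2 12:00:06 bx postfix/qmgr[900]: 5F6A7B8C9D: from=<>, size=4096, nrcpt=1 (queue active)
Jul  2 12:00:08 bx postfix/smtp[2112]: 5F6A7B8C9D: to=<whatever@hotmail.example>, relay=mx.hotmail.example[198.51.100.9]:25, delay=1.9, dsn=2.0.0, status=sent (250 OK)
"""

# bounce daemon announcing the queue ID of a newly created NDN
NDN_RE = re.compile(r"postfix/bounce\[\d+\]: (\w+): sender non-delivery notification: (\w+)")
# any delivery attempt: queue ID, recipient, relay
DELIVERY_RE = re.compile(r"postfix/\w+\[\d+\]: (\w+): to=<([^>]*)>.*?relay=([^,]+),")
# recipient refused while the sending client is still connected
REJECT_RE = re.compile(r"NOQUEUE: reject: RCPT from .*Recipient address rejected")


def analyze(log_text):
    """Return (smtp_time_rejects, Counter of remote domains that received an NDN)."""
    ndn_ids = set()
    rejects = 0
    backscatter = Counter()
    for line in log_text.splitlines():
        if REJECT_RE.search(line):
            rejects += 1  # refused in-session: the client owns the failure, no NDN
            continue
        m = NDN_RE.search(line)
        if m:
            ndn_ids.add(m.group(2))  # remember the bounce message's own queue ID
            continue
        m = DELIVERY_RE.search(line)
        if m and m.group(1) in ndn_ids and "[" in m.group(3):
            # relay of the form host[ip]:port means the NDN left this server
            backscatter[m.group(2).rpartition("@")[2].lower()] += 1
    return rejects, backscatter


if __name__ == "__main__":
    rejects, backscatter = analyze(SAMPLE_LOG)
    print(f"rejected at SMTP time (no bounce generated): {rejects}")
    for domain, count in backscatter.most_common():
        print(f"NDNs sent to {domain}: {count}")
```

Run against the real mail log by passing its contents to `analyze()`; a non-empty second result means bounces are still reaching outside addresses.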


