[BlueOnyx:26339] Re: Backscatter / user not found bounce

Colin Jack colin at mainline.co.uk
Sun Jul 2 13:57:33 -05 2023


Hi Michael,



> We are having issues with spammers sending thousands of emails to non-existent users on our hosted domains and our BX server then bouncing them as "554 5.5.1 Error: no valid recipients" and our IP consequently getting blacklisted for backscatter.

>

> Microsoft hate us now – Hotmail etc. and block all email from our subnet! :-/

>

> 5210R

>

> Is there any practical way to stop “no valid recipient” email being sent out from the server?



Let us take a look at the source of the problem:



A SPAM-sender connects from a dial-up IP or botnet or a hacked server to your MTA and claims to be someone he isn't. Like whatever at hotmail.com.

And he then tries to send email to a non-existing user on your end.



This can cause backscatter, as the non-delivery-notice is delivered to the claimed (but faked) whatever at hotmail.com sender address.



Exactly ...



For legitimate emails you want non-delivery-notice to inform a legitimate sender that he's not getting through.



How to defeat backscatter in case of faked sender addresses?



Here are three recommendations:



1.) Switch to Postfix in the GUI



This has stricter sender verification checks.



Will do.



2.) Enable and configure SPF and switch it to "Sign & Verify" mode





This checks the SPF records of sender domains and if the sender's IP is not within the SPF records published by say hotmail.com, then the email will be rejected at the MTA w/o bounce and NDN.



Sounds right. Hadn’t thought of this.



To really prevent any bounces ever to leave your server and go somewhere you don't want them to go to? This can be done via Postfix.





Edit /usr/sausalito/bin/custom-postfix-confgen.sh and at the bottom add these lines:





postconf -e 'bounce_notice_recipient = <your_email_address>'

postconf -e '2bounce_notice_recipient = <your_email_address>'





Be sure to change <your_email_address> to a valid email address which you want all bounces to go to.





Then restart Postfix and you should be good to go:





systemctl restart postfix



This sounds spot on. Good advice as usual!



Many thanks



Colin
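
Added example, not part of the original thread or of BlueOnyx: a small log check that separates mail refused during the SMTP session (no NDN is generated) from mail that was queued, bounced and produced an NDN that left the server, which is the backscatter discussed above. It assumes Postfix's usual syslog line formats; the sample lines, queue IDs, addresses and the name classify() are constructed for illustration.

```python
import re

# Constructed sample lines in Postfix's syslog format; hosts, queue IDs,
# addresses and IPs are made up (documentation ranges and .example names).
SAMPLE_LOG = """\
Jul  2 10:00:01 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <nobody@example.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<whatever@hotmail.example> to=<nobody@example.com> proto=ESMTP helo=<pc1>
Jul  2 10:00:05 mx postfix/qmgr[900]: 4A1B2C3D4E: from=<whatever@hotmail.example>, size=2312, nrcpt=1 (queue active)
Jul  2 10:00:06 mx postfix/local[2110]: 4A1B2C3D4E: to=<ghost@example.com>, relay=local, delay=0.4, delays=0.3/0/0/0.1, dsn=5.1.1, status=bounced (unknown user: "ghost")
Jul  2 10:00:06 mx postfix/bounce[2111]: 4A1B2C3D4E: sender non-delivery notification: 5F6A7B8C9D
Jul  2 10:00:06 mx postfix/qmgr[900]: 5F6A7B8C9D: from=<>, size=4100, nrcpt=1 (queue active)
Jul  2 10:00:08 mx postfix/smtp[2115]: 5F6A7B8C9D: to=<whatever@hotmail.example>, relay=mx.hotmail.example[198.51.100.9]:25, delay=1.9, delays=0/0/1/0.9, dsn=2.0.0, status=sent (250 OK)
"""

# Refused during the SMTP session: nothing is queued, so no NDN is generated.
REJECT = re.compile(r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+: 5\d\d ")
# bounce(8) logs "<original id>: sender non-delivery notification: <NDN id>".
NDN = re.compile(r"postfix/bounce\[\d+\]: (\w+): sender non-delivery notification: (\w+)")
# A message handed to a remote server by the smtp(8) client.
SENT = re.compile(r"postfix/smtp\[\d+\]: (\w+): to=<([^>]*)>.*status=sent")


def classify(log_text):
    """Count SMTP-time rejects and list the NDNs that left the server."""
    rejected = 0
    ndn_origin = {}   # NDN queue ID -> queue ID of the message that bounced
    outbound = []     # (original queue ID, address the NDN was sent to)
    for line in log_text.splitlines():
        if REJECT.search(line):
            rejected += 1
            continue
        m = NDN.search(line)
        if m:
            ndn_origin[m.group(2)] = m.group(1)
            continue
        m = SENT.search(line)
        if m and m.group(1) in ndn_origin:
            outbound.append((ndn_origin[m.group(1)], m.group(2)))
    return {"rejected_at_smtp": rejected, "outbound_ndn": outbound}


if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```

Entries in outbound_ndn are notices sent to whatever address the original message claimed as its sender; a steady count there after a configuration change means mail for unknown users is still being accepted and bounced later.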

