backscatter issue with exim config??

I've never said it worked; only that it did no harm.
I know!

If not, is customerdomain.com a real domain name on your server? My code does not block mailer-daemon for non-existent users, only for non-existent domains.
Yes. That is the problem.

The domain does exist, but the mail address does not. Mail is accepted, then the recipient does not exist and a bounce message is created.
This was no problem for years, but since the backscatter problem is growing, it is.

Don't know why it was not that clear to me sooner ;-)

I am staring at the exim.conf right now, but it still looks like Chinese to me. But I am learning ;-)
 
No; that was not the cause. Unknown recipients are blocked well in the rcpt acl. No problem there.

I traced back some of the messages and I think this is the cause:
2009-11-13 21:06:15 217.19.237.55 whitelisted in list.dnswl.org

That is the reason why the message is accepted although the recipient does not exist ?
 
I checked a few more and found the same.

Email is sent to a non-existing address. Normally it is not accepted, but because the IP is in the whitelist it is accepted.

196.25.211.12 whitelisted in list.dnswl.org
 
Yes, that's a problem. I probably need to move the block to above the whitelist. Please (and this is important) send me an email to remind me of this as I'm out now, and I need to have note of this when I'm back at my system. I think I can solve both causes for the whitelist by where I move things.

Jeff
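The ordering problem Jeff describes (the dnswl accept runs before the unknown-recipient check, so mail from a whitelisted IP for a non-existent mailbox is accepted and bounced later) is worth checking in your own acl_check_rcpt. The fragment below is an added illustration, not the SpamBlocker exim.conf and not code posted in the thread; the ACL name, the list names (+relay_hosts, +local_domains) and the dnswl zone match what the thread mentions, everything else is assumed.

```exim
# Added illustration of the ordering fix discussed above.
# Not the SpamBlocker file; ACL and list names are assumptions.
acl_check_rcpt:

  # Our own machines and authenticated clients may send anywhere
  accept  hosts         = : +relay_hosts
  accept  authenticated = *

  # WEAK ORDER (the situation described in the thread): an accept on the
  # whitelist here means a listed IP never reaches the recipient check, so
  # mail for a non-existent mailbox is accepted and bounced to a forged sender.
  #
  #   accept  dnslists = list.dnswl.org
  #   deny    domains  = +local_domains
  #           !verify  = recipient
  #           message  = Unknown user

  # CORRECTED ORDER: refuse at RCPT time everything we would otherwise have to
  # bounce, before any whitelist accept. Domains we do not host are refused
  # (relay hosts and authenticated clients were already accepted above), and
  # unknown users in hosted domains are refused by recipient verification.
  deny    domains  = !+local_domains
          message  = We don't host the recipient domain
  deny    domains  = +local_domains
          !verify  = recipient
          message  = Unknown user

  # Only now may the whitelist short-circuit the remaining policy checks
  accept  dnslists = list.dnswl.org
          logwrite = $sender_host_address whitelisted in list.dnswl.org

  # ... RBL lookups, sender verification and other checks follow here ...

  accept
```

With this order a whitelisted sending host still gets "Unknown user" at RCPT time, so no bounce is generated for it; the whitelist only skips the checks that come after it.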
 
There's a new RC on my download site now (I put it there last evening); you can find it here.

The specific code is:
Code:
# RC 3.2.4  09-nov-2009
  # Mailer-Daemon messages must be for us.
  # "senders = :" matches the empty envelope sender (<>), i.e. a bounce;
  # such a message is refused unless it comes from a relay host or an
  # authenticated client, or is addressed to a domain we host.
  deny senders = :
       message = We don't host the recipient domain
       hosts   = !+relay_hosts
       domains = !+local_domains
       !authenticated = *
It looks good to me, but it hasn't caught anything for me in about 24 hours on the active server on which I'm testing it.

Care to try it? :)

Jeff

Maybe it would be worth adding a check in the backscatterer list?
Something like what is listed here: http://www.backscatterer.org/?target=usage
Code:
  # Mailer-Daemon messages must not be from known backscatterers
  # (same shape as the rule above, plus a lookup of the sending IP in
  # ips.backscatterer.org; $dnslist_text carries the list's TXT record)
  deny senders = :
       message = You seem to be a backscatterer: $dnslist_text
       hosts   = !+relay_hosts
       domains = !+local_domains
       !authenticated = *
       dnslists = ips.backscatterer.org
 
This is a totally separate issue from keeping our server from creating backscatter. Personally I won't include this; I believe it will block too much good mail. You can add it if you want; if you do, be sure to let us know if it appears to be blocking good mail.

Jeff
 
We decided to just set up an extra mail server which handles all bounce messages for DirectAdmin servers. Hollowing out the mail protocol wasn't really acceptable in our view, so we now have a (sendmail) mail server that handles all bounces and empties the queue if a message is >3 hours old.

Companies not wanting to receive bounces can just blacklist the thing or use the backscatterer blacklist.

Implementing it:

First set up a dedicated mail server which is used for relaying only; we call it 'bouncer.yourdomain.com'. Add your DirectAdmin server(s) to its relay list.

Then edit the exim.conf on your DirectAdmin machine and add the following below the 'begin routers' line as the first entry:

Code:
bouncer:
  # Runs first (placed directly under "begin routers"): every message whose
  # envelope sender is empty (a bounce) or a postmaster@/mailer-daemon@/
  # hostmaster address, and whose recipient is not in a domain we host,
  # is handed to the dedicated bouncer host instead of being delivered directly.
  driver = manualroute
  domains = !+local_domains
  senders = ^postmaster@.*:^mailer-daemon@.*:^hostmaster: :
  transport = remote_smtp
  route_list = * bouncer.yourdomain.com

This will send any bounce mail which isn't destined for a local domain through the 'bouncer.yourdomain.com' mailserver.
 
Cool now make a guide how to setup the bouncer server :D
 
Well that's not too hard:

Install a CentOS server with sendmail on it

Edit the /etc/mail/sendmail.mc file and remove the Addr=127.0.0.1 value from the DAEMON_OPTIONS line (so it listens on the external IPs too and not just on the local one) and save the file

type: make -C /etc/mail

make sure sendmail is started at boot (use the 'setup' program or the chkconfig command-line tool); restart it for now: service sendmail restart

Now do a: 'cd /etc/mail', open the 'access' file in your favorite editor and add a line like:

1.2.3.4 RELAY

(where 1.2.3.4 is your directadmin server's IP)

then type: makemap hash access.db < access

And voila, the bouncer server is configured. You might want to edit /etc/mail/sendmail.cf for some timeout values, but that's general tweaking.

Make sure to set a working hostname when installing the server, a DNS A record pointing to the bouncer.domainname.com and a PTR reverse record for the IP it's running on with that same name in it to prevent excessive spam scoring.
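The sendmail steps above as one idempotent function, added here as an example and not the poster's own script. The sendmail directory is a parameter (it is /etc/mail on a real box) so the function can be exercised against a scratch copy; the DirectAdmin IP 1.2.3.4 and the sample sendmail.mc line are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread: the "bouncer" relay setup as a function.
# MAILDIR is the sendmail config directory (/etc/mail on a real server); DA_IP is
# the DirectAdmin server that is allowed to relay through this host.

# configure_bouncer MAILDIR DA_IP
configure_bouncer() {
    maildir=$1
    da_ip=$2

    # 1. Listen on all interfaces: drop ",Addr=127.0.0.1" from the active
    #    DAEMON_OPTIONS line (lines commented out with "dnl" are left alone).
    sed '/^DAEMON_OPTIONS/ s/,[[:space:]]*Addr=127\.0\.0\.1//' "$maildir/sendmail.mc" \
        > "$maildir/sendmail.mc.tmp" && mv "$maildir/sendmail.mc.tmp" "$maildir/sendmail.mc"

    # 2. Allow relaying only from the DirectAdmin server. The entry is added once;
    #    any other client must still be refused or the bouncer becomes an open relay.
    touch "$maildir/access"
    if ! grep -q "^$da_ip[[:space:]]" "$maildir/access"; then
        printf '%s\tRELAY\n' "$da_ip" >> "$maildir/access"
    fi

    # 3. Rebuild access.db and sendmail.cf. Both steps are skipped when the tools
    #    or the Makefile are absent, e.g. when run against a scratch directory.
    if command -v makemap >/dev/null 2>&1; then
        makemap hash "$maildir/access.db" < "$maildir/access"
    fi
    if [ -f "$maildir/Makefile" ] && command -v make >/dev/null 2>&1; then
        make -C "$maildir"
    fi
}

# relay_allowed MAILDIR IP -> succeeds if IP has a RELAY entry in the access file
relay_allowed() {
    grep -q "^$2[[:space:]]*RELAY" "$1/access"
}

# write_sample_mc FILE -> a constructed one-line sendmail.mc (not a real file)
write_sample_mc() {
    cat > "$1" <<'EOF'
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
EOF
}
```

After running it on the real /etc/mail, restart sendmail (service sendmail restart) so the new sendmail.cf and access.db are picked up.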
 
Im still kinda confused on what this bouncer actually does...
 
Prevents your 'real' mail server from being listed on backscatterer.org, a list which is being used as a blacklist by Gmail and Hotmail.

Any default directadmin install WILL eventually turn up on the backscatterer blacklist due to the mail bounces exim generates.
 
Hello,

I believe my server has been turned into a backscatterer. How do I check if my server has really been hit? What should I look into: email header, body or logs?
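The question above is not answered in the thread. The place to look is Exim's mainlog: a bounce Exim generated itself is logged as a message with the empty sender "<>" and an "R=" reference to the original message id, and the backscatter is the subset of those bounces that Exim then delivered to a remote host. The script below is an added example, not from the thread; it assumes the default mainlog line format, and the log excerpt it ships with is constructed, not real data.

```sh
#!/bin/sh
# Added example, not from the thread: count the bounces this server created
# and sent out to other hosts, which is what backscatterer.org observes.
# Assumes Exim's default mainlog format:
#   <date> <time> <id> <= <> R=<original id> U=mail P=local S=...   (bounce generated)
#   <date> <time> <id> => <recipient> R=... T=remote_smtp H=...      (bounce delivered)

# backscatter_report LOGFILE -> "<count> <recipient>" per remote address that
# received a locally generated bounce, busiest first
backscatter_report() {
    awk '
        # a bounce Exim created: empty sender plus a reference to the original
        $4 == "<=" && $5 == "<>" && $6 ~ /^R=/ { bounce[$3] = 1 }
        # that bounce handed to a remote host (local deliveries are not backscatter)
        $4 == "=>" && ($3 in bounce) && / T=remote_smtp/ { n[$5]++ }
        END { for (r in n) print n[r], r }
    ' "$1" | sort -rn
}

# backscatter_count LOGFILE -> total number of outbound bounces
backscatter_count() {
    backscatter_report "$1" | awk '{ s += $1 } END { print s + 0 }'
}

# make_sample_log FILE -> a constructed mainlog excerpt for trying the functions
make_sample_log() {
    cat > "$1" <<'EOF'
2009-11-13 21:06:10 1N8xyy-0001AA-Bc <= spoof@example.net H=(mail.example.net) [198.51.100.7] P=esmtp S=1020
2009-11-13 21:06:11 1N8xyy-0001AA-Bc ** nobody@customerdomain.com: Unrouteable address
2009-11-13 21:06:15 1N8xyz-0001AB-Cd <= <> R=1N8xyy-0001AA-Bc U=mail P=local S=2345
2009-11-13 21:06:16 1N8xyz-0001AB-Cd => spoof@example.net R=lookuphost T=remote_smtp H=mx.example.net [203.0.113.5]
2009-11-13 21:06:16 1N8xyz-0001AB-Cd Completed
2009-11-13 21:07:02 1N8y00-0001AC-De <= <> R=1N8xyy-0001AA-Bc U=mail P=local S=2290
2009-11-13 21:07:03 1N8y00-0001AC-De => spoof@example.net R=lookuphost T=remote_smtp H=mx.example.net [203.0.113.5]
2009-11-13 21:08:30 1N8y01-0001AD-Ef <= <> R=1N8y0A-0001AE-Fg U=mail P=local S=2100
2009-11-13 21:08:31 1N8y01-0001AD-Ef => someone@example.org R=lookuphost T=remote_smtp H=mx.example.org [203.0.113.9]
2009-11-13 21:09:00 1N8y02-0001AF-Gh <= <> R=1N8y0B-0001AG-Hi U=mail P=local S=1980
2009-11-13 21:09:01 1N8y02-0001AF-Gh => localuser@customerdomain.com R=virtual_user T=virtual_localdelivery
2009-11-13 21:09:30 1N8y03-0001AH-Ij <= real@example.com H=(x) [198.51.100.8] P=esmtp S=800
2009-11-13 21:09:31 1N8y03-0001AH-Ij => bob@example.org R=lookuphost T=remote_smtp H=mx.example.org [203.0.113.9]
EOF
}
```

On a real server run backscatter_report /var/log/exim/mainlog (the path depends on the build); if the same remote addresses keep turning up with many bounces each, the server is accepting mail it later has to reject, and the rcpt ACL ordering earlier in the thread is the first thing to check.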
 
Old thread, but I just wanted to add that the script posted to redirect postmaster, hostmaster and abuse to blackhole doesn't work:

#!/bin/sh
# Rewrite a DirectAdmin domain's alias file so that the role addresses are
# discarded and everything else for the domain is rejected at RCPT time
# (":fail:") instead of being accepted and bounced later.
# Usage: ./fixaliases.sh customerdomain.com
domain=${1:?usage: $0 domain}
FILE=/etc/virtual/$domain/aliases
# drop the existing catch-all and any earlier role entries so the file does
# not accumulate duplicates when the script is run again
grep -v -e '^\*:' -e '^abuse:' -e '^postmaster:' -e '^hostmaster:' "$FILE" > "$FILE.tmp"
echo "abuse: :blackhole:" >> "$FILE.tmp"
echo "postmaster: :blackhole:" >> "$FILE.tmp"
echo "hostmaster: :blackhole:" >> "$FILE.tmp"
echo "*: :fail:" >> "$FILE.tmp"
mv -f "$FILE.tmp" "$FILE"
chmod 600 "$FILE"
chown mail:mail "$FILE"
exit 0

The alias file doesn't get chmodded to mail:mail and it makes it impossible for users to change the way the catch-all is acting.
 
This is a long thread, but it's obviously a relevant issue.

Mail is arriving at my server from a spoofed sender address, then because it's sent to a non-existent address on our end, a Mail Delivery Failure goes out to the spoofed sender... who obviously never sent the e-mail.

It happens to me quite a bit from other people who spoof my address, but I keep getting listed on Backscatterer.org who tell me my mailserver is a pile of garbage.

I disagree with this, but being on Backscatterer.org delays all Google (Gmail, etc.) messages to me for several hours before they get delivered. (At least this is what Google is trying to tell me.) I believe they call it greylisting?

It's frustrating and it ONLY affects Google mail services... any idea how to solve THAT problem? Or is Backscatterer.org trying to get us to turn off all returned messages and leave the other end not knowing that their message was sent to a non-existent e-mail address.

To be fair, we also have several Exchange boxes that Gmail does this to as well... which is really starting to tick both me and the end users off...
 
The latest version of the SpamBlocker-powered exim.conf file for DirectAdmin, Version 4, will probably fix the issue; it has for most (if not all) of us.

You can find it here (nobaloney.net).

If for some reason you don't want to switch to Version 4, you can always figure out the changes and make them to the version you are using.

Jeff
 