How to prevent Backscatter in ISP Spamfilter |
Post Reply 
|
| Author | |
morten44 
Groupie 
Joined: 07 March 2008 Status: Offline Points: 74 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: How to prevent Backscatter in ISP SpamfilterPosted: 20 May 2010 at 11:40am |
|
Hi.
We have an issue with our mail server. We sometimes get blocked on
Backscatterer.org
We have ISP Spamfilter infront of Imail 8.22 server
If I understand correct, we get blocked because we "bouce" delivery failed mail back to sender that sometime is not the real sender. Therefore its taken as spam.
I understand we have to configure the system, only to "bounce" delivery failed messages back to LOCAL users, not external users.
So my question is;
Is this something we need to setup in ISP spamfilter or is it in the Imail Server?
we are using ISP for all incomming mails. we do not use ISP Spamfilter to validate any outgoing smtp.
Our IMAIL Smtp is using "no relay" and "smtp authentcation"
can you give me any idea if I can add settings in ISP spamfilter to prevent this and if yes, what.
Or will it be a Imail Configuration setting
regards
Morten |
|
 |
|
|
jerbo128
Senior Member 
Joined: 06 March 2006 Status: Offline Points: 178 |
Post Options
Thanks(0)
Quote Reply
Posted: 20 May 2010 at 10:22pm |
|
Morten,
we once used imail 822 also and it's failure to use was the backscatter. Spamfilter for the most part does not backscatter. But Imail 822 has many vulnerabilities and we found it to difficult to plug them all. My advice, find a new mail server.
|
|
|
|
|
LogSat
Admin Group 
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 21 May 2010 at 10:20am |
|
Morten,
When SpamFilter receives an email that passes all filtering rules, it forwards it to your destination SMTP server. If that user does not exist, or if their mailbox is full for example, your SMTP server will reject the email attempt. At that point, SpamFilter has to notify the sender that the email was not delivered, and this is (was) done by sending a NDR (non-deliverable report) email back to the sender. If you send out too many of these NDRs, then yes, that may cause the SpamFilter server to be blacklisted. This scenario can be greatly reduced by implementing a "Authorized TO" whitelist, which contains a list of valid email addresses on your mail server. SpamFilter will only accept emails to addresses on that list, which practically eliminates the backscatter issue, and has the great benefit of reducing spam, as spammers who attempt to "guess" valid email addresses will be blocked by SpamFilter's blacklist cache. This said... a few weeks ago we released a new version of SpamFilter (v4.2.4.830) which completely changes how SpamFilter processes emails. In particular, this feature is exactly what you're looking for: / New to VersionNumber = '4.2.4.830'; {TODO -cNew To avoid backscatter, if an incoming email passes all filtering rules, but cannot be forwarded (ex. mailbox full, non-existent user), SpamFilter maintains open the incoming remote connection until it can verify with the destination server that the email can be delivered. If not, a 5xx error is output forcing the remote server to generate the NDR, rather than having SpamFilter send an NDR notification email} |
|
|
|
|
morten44
Groupie
Joined: 07 March 2008 Status: Offline Points: 74 |
Post Options
Thanks(0)
Quote Reply
Posted: 21 May 2010 at 6:02pm |
|
Hi
Thanks for the answer.
I think the first option to make a list of all valid emails is not a good option, as we have about 100 domains and each of them can create their own addresses. It would be hard to maintain.
About the newest version: 4.2.4.830 we have installed some weeks ago.
However we got blacklisted 3 days ago.
By Standard we are using very minimal filtering.
We basically only use the MAPS servers as filter and that has generally worked OK.
We started to get alot of spam from local so we added some more filters but the day after we got bloked. I assume tha its a coinsident that the blocking happened after also applying SFDB on nr4.
In this new version, Is it by default that it should work that way?
Another potential problem
We have ISP listening on port 25 and forwards to Imail Server port 2225.
When our users sends mail out they set port 2225 in outlook and send directly from Imail SMTP and it does not pass ISP when sending.
Is there a chance that ISP is working as it should, and the problem is that its Imail who when address is not found, sends a postmaster mail to sender?
Regards
Morten
|
|
|
|
|
LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 25 May 2010 at 2:30pm |
|
Morten,
The new behavior is standard on this new release, there is nothing that needs to be enabled. Please note however that there may be other reasons why someone may get blacklisted, often caused by viruses within a network that may be sending huge amounts of spam to the internet. Usually the sites that blacklist you are able to provide you with details on the "why" the IP/subnet was blocked, which would then pinpoint the problem. For the Imail question, if your user sends an email to a non-existent user, the bounce back would usually go back to your user, however the remote server would detect the incoming email to the non-existent user. If these are isolated email attempts it wouldn't be a problem, but if the user is infected/spamming and is sending out a lot of emails, then yes, this would be an issue.
|
|
|
|
|
morten44
Groupie
Joined: 07 March 2008 Status: Offline Points: 74 |
Post Options
Thanks(0)
Quote Reply
Posted: 27 May 2010 at 6:02pm |
|
Hi Roberto Thanks for your very well and detailed explenation as always :)
Regards
Morten
|
|
|
|
Topic Options|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.086 seconds.