Loading ...
Sorry, an error occurred while loading the content.

What To Do About Fake Addresses?

Expand Messages
  • KashMaster
    This question seems to have been answered many times and in various ways... in fact, so often that there is such an overabundance that it is difficult to
    Message 1 of 4 , Oct 1, 2007
    • 0 Attachment
      This question seems to have been answered many times and in various
      ways... in fact, so often that there is such an overabundance that it
      is difficult to winnow the wheat from the chaff. Consequently, I am
      seeking your opinions both in general and specifically with regard to
      postfix.

      To expand on the subject line: I was greeted (?) this morning by a
      mailbox of several thousand "mail failure" notices from servers all over
      the world. Without exception, these represented rejected spam (either
      caught by a spamguard or sent to a bad address) that had various
      non-existent return addresses at one of my domains.

      These were forwarded to a specific mailbox which I set up for unknown
      recipients... seemed like a good idea at the time, but obviously there
      are drawbacks.

      No doubt the general subject lines can be filtered (and in fact, as this
      has happened before, a few thousand of them were filtered to "rejected"
      mailbox), but the more important question to my mind is whether there is
      something better (or additional) to do that would let the sender know
      that the return address was faked and did not originate from this domain?

      Thanks for your thoughts on the matter.
    • Victor Duchovni
      ... Yes, strongly consider removing the wildcard mailbox, and reject invalid addresses. ... http://www.postfix.org/BACKSCATTER_README.html ... What sender? You
      Message 2 of 4 , Oct 1, 2007
      • 0 Attachment
        On Mon, Oct 01, 2007 at 09:49:33AM -0500, KashMaster wrote:

        > This question seems to have been answered many times and in various
        > ways... in fact, so often that there is such an overabundance that it
        > is difficult to winnow the wheat from the chaff. Consequently, I am
        > seeking your opinions both in general and specifically with regard to
        > postfix.
        >
        > To expand on the subject line: I was greeted (?) this morning by a
        > mailbox of several thousand "mail failure" notices from servers all over
        > the world. Without exception, these represented rejected spam (either
        > caught by a spamguard or sent to a bad address) that had various
        > non-existent return addresses at one of my domains.
        >
        > These were forwarded to a specific mailbox which I set up for unknown
        > recipients... seemed like a good idea at the time, but obviously there
        > are drawbacks.

        Yes, strongly consider removing the wildcard mailbox, and reject invalid
        addresses.

        > No doubt the general subject lines can be filtered (and in fact, as this
        > has happened before, a few thousand of them were filtered to "rejected"
        > mailbox),

        http://www.postfix.org/BACKSCATTER_README.html

        > but the more important question to my mind is whether there is
        > something better (or additional) to do that would let the sender know
        > that the return address was faked and did not originate from this domain?

        What sender? You are getting bounces. For out of office replies,
        ... don't contribute to the spam recipient's junk mail load by sending
        further email they did not want.

        --
        Viktor.

        Disclaimer: off-list followups get on-list replies or get ignored.
        Please do not ignore the "Reply-To" header.

        To unsubscribe from the postfix-users list, visit
        http://www.postfix.org/lists.html or click the link below:
        <mailto:majordomo@...?body=unsubscribe%20postfix-users>

        If my response solves your problem, the best way to thank me is to not
        send an "it worked, thanks" follow-up. If you must respond, please put
        "It worked, thanks" in the "Subject" so I can delete these quickly.
      • mouss
        ... This is bad because you will discard mail to mistyped addresses (what if I send mail to kachmaster? if you discard it, I won t notice my typo and will
        Message 3 of 4 , Oct 1, 2007
        • 0 Attachment
          KashMaster wrote:
          > This question seems to have been answered many times and in various
          > ways... in fact, so often that there is such an overabundance that it
          > is difficult to winnow the wheat from the chaff. Consequently, I am
          > seeking your opinions both in general and specifically with regard to
          > postfix.
          >
          > To expand on the subject line: I was greeted (?) this morning by a
          > mailbox of several thousand "mail failure" notices from servers all over
          > the world. Without exception, these represented rejected spam (either
          > caught by a spamguard or sent to a bad address) that had various
          > non-existent return addresses at one of my domains.
          >
          > These were forwarded to a specific mailbox which I set up for unknown
          > recipients... seemed like a good idea at the time, but obviously there
          > are drawbacks.

          This is bad because you will discard mail to mistyped addresses (what if
          I send mail to kachmaster? if you discard it, I won't notice my typo
          and will assume you got my message).

          Instead, use address validation to reject mail to (and from) invalid
          addresses. if your maps are correctly configured, then you can add
          reject_unlisted_recipient
          reject_unlisted_sender
          somewhere at the top of your restrictions (so that such mail is rejected
          before you do expensive checks).

          for backscatter using valid addresses, see the BACKSCATTER README. or
          you can just live with this until you get annoyed enough to start block
          listing the broken servers.

          >
          > No doubt the general subject lines can be filtered (and in fact, as this
          > has happened before, a few thousand of them were filtered to "rejected"
          > mailbox), but the more important question to my mind is whether there is
          > something better (or additional) to do that would let the sender know
          > that the return address was faked and did not originate from this domain?

          there is nothing to tell the sender. They are broken, and some of them
          will bounce your posts to their postmaser/abuse/... addresses (so these
          are multi-broken), and you'll get bored very quickly. either ignore or
          block the outscatter client.
        • KashMaster
          Aha! Now that I know the right buzzword, I can find the stuff... Thanks! http://www.postfix.org/BACKSCATTER_README.html
          Message 4 of 4 , Oct 1, 2007
          • 0 Attachment
            Aha! Now that I know the right buzzword, I can find the stuff...

            Thanks!

            http://www.postfix.org/BACKSCATTER_README.html
          Your message has been successfully submitted and would be delivered to recipients shortly.