
Re: Null sender address in NDR's

  • mouss
    Message 1 of 13 , Feb 14, 2013
      On 14/02/2013 16:03, James Day wrote:
      > Hello List,
      >
      > I'll have to start by breaking the golden rule of this list and not posting postconf -n output as my question relates to a server over which I have no control.
      >
      > A customer of mine is using a smart host provided by their ISP through which all outbound mail is delivered smtp.enta.net (which is running postfix).
      >
      > This server holds a list of valid domains from which this customer is allowed to send. A sensible precaution to prevent a compromised machine from sending spam using spoofed sender addresses on other domains.
      >
      > The problem is that when the client's mail server sends an NDR the sender address is <> (i.e. NULL). The null sender address causes the message to be rejected with:
      >
      > 554+5.7.1+<>:+Sender+address+rejected:+Access+denied
      >
      > Is there a sensible way to configure postfix to allow these messages with null sender addresses to be relayed without opening the smart host up to exploitation?

      null sender should be accepted. as of today, null sender is not (yet?)
      abused by spammers.

      and even if someday spammers decide to abuse it, we will setup simple
      content filtering rules (NDR is not supposed to use a "normal" From:
      address, etc etc).

      so I'd say: just allow the null sender for now.

      >
      > Or alternatively - and this is off topic for this list - is there a way to configure Microsoft exchange 2003 to send NDR's with a different sender address.


      dunno. but if you can put a postfix in front of exchange, you could
      replace the null sender with specific address (of course, if you do so,
      make sure to discard mail to this address to avoid loops). of course,
      you should try to only do that for that specific ISP.

      >
      > And before anyone comments, yes I know this isn't best practice as NDR's should have null sender addresses to stop loops (bouncing bounce-backs!).
      >

      yeah. but as long as you take care for auto-replies, you can replace the
      null sender with any specific address of yours (such as ndr@...)
      for which you never send bounces. not trivial, but you can do that.
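
A sketch of the relay policy recommended in the reply above, added here as an illustration and not taken from any poster's or the ISP's configuration: the smart host keeps its sender-domain allow-list and gains one entry for the null sender. The file name `relay_senders` and the domain `customer.example` are placeholders.

```ini
# /etc/postfix/main.cf on the smart host (illustrative fragment)
# Accept only envelope senders listed in the table; reject everything else.
smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/relay_senders,
    reject

# /etc/postfix/relay_senders
# (rebuild the lookup table with "postmap /etc/postfix/relay_senders" after editing)
#
# Placeholder for the domain this customer is permitted to send from.
customer.example    OK
#
# Null envelope sender used by NDRs. The lookup key is the value of
# smtpd_null_access_lookup_key, which defaults to <>.
<>                  OK
```

`OK` here only passes the sender check. Relay authorization by client address is evaluated separately, so the null sender is accepted only from hosts that are already allowed to relay.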
    • Rod Whitworth
      Message 2 of 13 , Feb 14, 2013
        On Thu, 14 Feb 2013 15:58:34 +0000, Viktor Dukhovni wrote:

        >This has nothing to do with spam. One can just as easily send spam
        >as <malory@...> as one can as <>. The ISP can equally easily
        >track it down, since the Received: headers will contain the offending
        >IP address.
        >

        I don't know if you are seeing the storm I'm seeing that works like
        this:

        Spammer sends mail to my domain using a target like
        <JIXnZQwb5@...> and of course that is not accepted at entry.

        However there are masses of idiots who accept and bounce and so I see:
        <UHpUaGeKa48@...> proto=ESMTP helo=<mail-pa0-f68.google.com>
        in bounce messages that did not originate in my domain.

        The spammer is hoping for his message to be bounced so that it looks
        like the spam came from an innocent domain.

        I assume that the content is spam. I don't have time to probe messages
        that may even have malware involved.

        I wonder how many bounced messages are read at the falsely accused
        domain....

        R/

        *** NOTE *** Please DO NOT CC me. I <am> subscribed to the list.
        Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thank you.

        Rod/
        ---
        This life is not the real thing.
        It is not even in Beta.
        If it was, then OpenBSD would already have a man page for it.
      • Robert Schetterer
        Message 3 of 13 , Feb 14, 2013
          On 15.02.2013 00:29, Rod Whitworth wrote:
          > On Thu, 14 Feb 2013 15:58:34 +0000, Viktor Dukhovni wrote:
          >
          >> This has nothing to do with spam. One can just as easily send spam
          >> as <malory@...> as one can as <>. The ISP can equally easily
          >> track it down, since the Received: headers will contain the offending
          >> IP address.
          >>
          >
          > I don't know if you are seeing the storm I'm seeing that works like
          > this:
          >
          > Spammer sends mail to my domain using a target like
          > <JIXnZQwb5@...> and of course that is not accepted at entry.
          >
          > However there are masses of idiots who accept and bounce and so I see:
          > <UHpUaGeKa48@...> proto=ESMTP helo=<mail-pa0-f68.google.com>
          > in bounce messages that did not originate in my domain.

          as in real world, there is less you can do against idiots

          >
          > The spammer is hoping for his message to be bounced so that it looks
          > like the spam came from an innocent domain.
          >
          > I assume that the content is spam. I don't have time to probe messages
          > that may even have malware involved.
          >
          > I wonder how many bounced messages are read at the falsely accused
          > domain....

          you may use dmarc, helps a little bit

          however in my most spammed domain, i use an adaptive firewall
          for blocking servers/bot ips ( beyond postscreen etc ), this keeps the
          log clean, and free up cpu power for legal mail, but that isn't a concept
          for everywhere, it's more like last defense


          >
          > R/
          >
          > *** NOTE *** Please DO NOT CC me. I <am> subscribed to the list.
          > Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thank you.
          >
          > Rod/
          > ---
          > This life is not the real thing.
          > It is not even in Beta.
          > If it was, then OpenBSD would already have a man page for it.
          >
          >



          Best Regards
          Robert Schetterer

          --
          [*] sys4 AG

          http://sys4.de, +49 (89) 30 90 46 64
          Franziskanerstraße 15, 81669 München

          Registered office: Munich, Munich District Court: HRB 199263
          Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
          Chairman of the supervisory board: Joerg Heidrich