How to avoid Backscatter in Sendmail
What is Backscattering?
Your email server is a victim of backscattering if legitimate external users complain that THEY are receiving "user unknown" bounce emails from YOUR domain, for messages they supposedly sent to YOUR internal users but never actually sent. The bounced "user unknown" message contains SPAM.
Example: <john.doe@yahoo.com> receives "user unknown" emails from your <MAILER-DAEMON@your.domain.com> claiming that they sent email to <jane.doesnotexist@your.domain.com>. The message itself is in fact SPAM.
This happens in large companies whose MX server receives email for <whomever@your.domain.com> and later forwards it to an internal Message Store Server (MSS: where users retrieve their email, a.k.a. the POP or IMAP server). Only then does the MSS reject email for unknown users, causing a message to "bounce" back to a legitimate external user who never sent the email in the first place, because the spammer forged that user's address as the sender.
Further reading: Wikipedia, SPAMlinks
What to do?
Your MX servers should reject email for unknown users during the initial SMTP transaction and NOT forward it to internal SMTP servers without a "user check".
Example scenario:
- Domains for which you provide email service: "example.com" and "my.org"
- Name of your MX server for these domains: mx.my.org
- Name of your POP/IMAP server: imap.my.org
- Step1: In MX SERVER, add these 4 lines to your ".mc" file in the right place:
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(`blacklist_recipients')dnl
define(`VIRTUSER_TABLE', `hash -o /etc/mail/virtusertable')dnl
VIRTUSER_DOMAIN_FILE(`/etc/mail/virtuserdomain')dnl
You can also see my original working .mc file
(compiled with "$ m4 ../m4/cf.m4 mc-usm.mc > /etc/mail/sendmail.cf").
Some configurations also need the following (but I did not need it):
FEATURE(`access_db', , `skip',`relaytofulladdress')dnl
- Step2: In MX SERVER, put YOUR internal valid domains in /etc/mail/virtuserdomain
#
example.com
my.org
- Step3: In MX SERVER, add these lines to your "access" file (/etc/mail/access):
-------------------insert into access file-----------------------------
# list of internal domains that have their own servers
# and you do not serve them. Your server only receives email
# from them.
# equal to "internal domains that you receive email via MX"
From:marketing.my.org OK
From:marketing.example.com OK
######################
# Reject Forgery - Not required for Backscattering
######################
# FOR TEST USE: /usr/lib/sendmail -bt
# check_mail <valid.user@example.com> --> ACCESS DENIED
From:example.com REJECT
# check_mail <valid.user@my.org> --> ACCESS DENIED
From:my.org REJECT
######################
## Reject Backscatter....
# reject unknown recipients, because SPAMMERS
# use this to spam other domains through bounce
# messages (user unknown).
#
##############################################
# general rejection strings
To:example.com error:5.1.1:"550 User unknown"
To:my.org error:5.1.1:"550 User unknown"
#
################################################
# List ALL valid internal EMAIL addresses
# If not listed here, sender server will get a "550 User unknown"
# you should use a shell script to help you build
# this list each time you create a user.
#
To:john.doe@example.com RELAY
To:jane.joe@my.org RELAY
To:postmaster@example.com RELAY
# etc...
-------------------end insert into access file-----------------------------
- Step4: In MX SERVER, regenerate your "sendmail.cf" and re-makemap your "access" database
- Step5: In MX SERVER, TEST the configuration using an external IP address (in this example 200.89.70.8 mx.uchile.cl):
$ /usr/lib/sendmail -bt -d21.4
.D{client_addr}200.89.70.8
.D{client_name}mx.uchile.cl
check_rcpt <john.doe@example.com>
# should produce a ---> RELAY
check_rcpt <user.notexist@example.com>
# should produce a ---> "550 User unknown"
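The access file in Step3 says the list of valid addresses should be built by a shell script. One way to do that, as an added example that is not part of the original page: gen_access_rcpt is a hypothetical helper that reads valid addresses on stdin and takes the served domains as arguments, and the sample list is constructed.

```sh
#!/bin/sh
# Added example, not from the original page. gen_access_rcpt is a
# hypothetical helper: valid addresses on stdin (one per line), served
# domains as arguments, recipient entries for /etc/mail/access on stdout.
gen_access_rcpt() {
    awk -v domains="$*" '
    BEGIN {
        n = split(tolower(domains), d, " ")
        for (i = 1; i <= n; i++) {
            served[d[i]] = 1
            # Domain-wide default: recipients not listed below are refused
            printf "To:%s\terror:5.1.1:\"550 User unknown\"\n", d[i]
        }
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    {
        addr = tolower($1)
        # One "@" only, and nothing that could split or break a map entry
        if (NF != 1 || addr !~ /^[a-z0-9._+-]+@[a-z0-9.-]+$/) {
            print "skipped (malformed): " $0 > "/dev/stderr"; next
        }
        dom = substr(addr, index(addr, "@") + 1)
        if (!(dom in served)) {
            print "skipped (domain not served): " addr > "/dev/stderr"; next
        }
        if (!seen[addr]++) valid[++m] = addr   # de-duplicate, keep order
    }
    END {
        for (i = 1; i <= m; i++) printf "To:%s\tRELAY\n", valid[i]
        for (i = 1; i <= n; i++)
            if (!(("postmaster@" d[i]) in seen))
                print "warning: no postmaster@" d[i] " entry" > "/dev/stderr"
    }'
}

# Constructed sample list; the last two lines are a duplicate and an
# address in a domain this MX does not serve.
gen_access_rcpt example.com my.org <<'EOF'
# valid mailboxes
john.doe@example.com
Jane.Joe@my.org
postmaster@example.com
john.doe@example.com
someone@other.net
EOF
```

Merge the output into /etc/mail/access and rebuild the map as in Step4; skipped addresses and missing postmaster entries are reported on stderr.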
Please email me if there are any errors in this page....