> From: "Grant Peel" <gpeel@???>
> I am having a problem with a server getting listed on ips.backscatterer.org.
>
> I have been researchng and reviewing the config shown below, but am not 'getting it'.
At first telnet from a host outside your network to port 25 on that server
and give commands:
EHLO example.com
MAIL FROM:<gpeel@???>
RCPT TO:<nonexistinglocalpart@???>
QUIT
where example.net - a domain in your /etc/virtual/domains without catchall.
If you get 2xx instead of 5xx in reply to the RCPT command then
that's the problem.
Then send a letter from outside to a nonexisting address in a domain
with catchall. If you get a bounce then that's the problem.
> I want to allow bounces to local addresses only.
For that add:
deny authenticated = *
condition = ${if !match_domain{$sender_address_domain}{+local_domains}}
!verify = recipient
deny hosts = +relay_from_hosts
condition = ${if !match_domain{$sender_address_domain}{+local_domains}}
!verify = recipient
before the:
> accept authenticated = *
> accept hosts = +relay_from_hosts
> Also, I am not so sure I understand the verify / callback process vrs. the config below.
You don't do callback, and that's good.
> If anyone cares to review it and comment, I would be greatful.
> accept hosts = +spf_bypass
> spf = fail
> logwrite = SPF - REFLEXION $sender_host_address is OK for \
> $sender_address_domain
Here you lack:
endpass
message = unknown user
verify = recipient
> deny message = SPF - INCOMING $sender_host_address \
> is not allowed to send mail from $sender_address_domain
> spf = fail
> accept domains = +local_domains
> endpass
> message = unknown user
> verify = recipient
> accept domains = +relay_to_domains
> endpass
> message = unrouteable address
> verify = recipient
> autoreply_transport:
> driver = pipe
> command = /usr/local/bin/autoreply.pl /home/$domain/mail/auto-replies/$local_part
If the autoreply.pl script sends letters with empty sender then
that's the problem: backscatterer.org considers autoreply as a bounce.
> spamcheck:
> driver = pipe
> command = /usr/local/sbin/exim -oMr spam-scanned -bS
> use_bsmtp = true
> transport_filter = /usr/local/bin/spamc -u ${lookup{$domain}lsearch{/etc/virtual/domains_users}}
What happens if spamc considers the letter as certainly spam?
> If I understand that backscatter thing correctly,
> If we sent to an outside server with a F=<> and there is more than on
> recipient, we could keep getting blacklisted to ips.backscatterer.org.
No, quantity of recipients doesn't matter. If you send to an outside server
with a F=<> even with one recipient, you'll keep getting blacklisted.
You need to understand why letters to outside with F=<> are generated,
are they bounces or something else (autoreplies?).
A "deny" is not a bounce. Lack of "deny" causes bounces if delivery fails
at transport time.
