Re: [exim] Backscatter & Sender callouts.

Author: Lena
Date:  
To: exim-users
Subject: Re: [exim] Backscatter & Sender callouts.
> From: "Grant Peel" <gpeel@???>

> I am having a problem with a server getting listed on ips.backscatterer.org.
>
> I have been researching and reviewing the config shown below, but am not 'getting it'.


First, telnet from a host outside your network to port 25 on that server
and give the commands:

EHLO example.com
MAIL FROM:<gpeel@???>
RCPT TO:<nonexistinglocalpart@???>
QUIT

where example.net is a domain in your /etc/virtual/domains without a catchall.
If you get 2xx instead of 5xx in reply to the RCPT command, then
that's the problem.

Then send a letter from outside to a nonexistent address in a domain
with a catchall. If you get a bounce, then that's the problem.

> I want to allow bounces to local addresses only.


For that add:

  deny authenticated = *
       condition = ${if !match_domain{$sender_address_domain}{+local_domains}}
       !verify = recipient
  deny hosts = +relay_from_hosts
       condition = ${if !match_domain{$sender_address_domain}{+local_domains}}
       !verify = recipient


before the:

>         accept  authenticated   = *
>         accept  hosts           = +relay_from_hosts


> Also, I am not so sure I understand the verify / callback process vs. the config below.


You don't do callback, and that's good.

> If anyone cares to review it and comment, I would be grateful.


>         accept  hosts           = +spf_bypass
>                 spf             = fail
>                 logwrite        = SPF - REFLEXION $sender_host_address is OK for \
>                                 $sender_address_domain


Here you lack:

                endpass
                message         = unknown user
                verify          = recipient


>         deny    message         = SPF - INCOMING $sender_host_address \
>                                 is not allowed to send mail from $sender_address_domain
>                 spf             = fail
>         accept  domains         = +local_domains
>                 endpass
>                 message         = unknown user
>                 verify          = recipient
>         accept  domains         = +relay_to_domains
>                 endpass
>                 message         = unrouteable address
>                 verify          = recipient


> autoreply_transport:
> driver = pipe
> command = /usr/local/bin/autoreply.pl /home/$domain/mail/auto-replies/$local_part


If the autoreply.pl script sends letters with an empty sender, then
that's the problem: backscatterer.org considers an autoreply to be a bounce.

> spamcheck:
> driver = pipe
> command = /usr/local/sbin/exim -oMr spam-scanned -bS
> use_bsmtp = true
> transport_filter = /usr/local/bin/spamc -u ${lookup{$domain}lsearch{/etc/virtual/domains_users}}


What happens if spamc considers the letter as certainly spam?

> If I understand that backscatter thing correctly,
> If we sent to an outside server with a F=<> and there is more than one
> recipient, we could keep getting blacklisted to ips.backscatterer.org.


No, the quantity of recipients doesn't matter. If you send to an outside server
with a F=<> even with one recipient, you'll keep getting blacklisted.
You need to understand why letters to outside with F=<> are generated:
are they bounces or something else (autoreplies?).
A "deny" is not a bounce. A lack of "deny" causes bounces if delivery fails
at transport time.
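
An added example, not part of the original message or of Exim: one way to find out why mail with F=<> leaves the server is to scan the Exim main log for null-sender messages that were delivered to a remote host, and separate Exim-generated bounces from other null-sender mail such as autoreplies. The log lines are constructed, the default log timestamp format is assumed, and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed Exim main-log lines (default timestamp format); not from the thread.
SAMPLE_LOG = """\
2011-05-02 10:00:00 1QGaaa-0001Xx-1A <= spammer@forged.example H=relay.example [198.51.100.7] P=esmtp S=1800
2011-05-02 10:00:01 1QGaaa-0001Xx-1A ** nouser@local.example R=virtual_user T=virtual_localdelivery: mailbox missing
2011-05-02 10:00:01 1QGabc-0001Xy-2B <= <> R=1QGaaa-0001Xx-1A U=mailnull P=local S=2900
2011-05-02 10:00:02 1QGabc-0001Xy-2B => spammer@forged.example R=lookuphost T=remote_smtp H=mx.forged.example [192.0.2.10]
2011-05-02 10:05:00 1QGdef-0001Xz-3C <= <> U=mail P=local S=900
2011-05-02 10:05:01 1QGdef-0001Xz-3C => someone@other.example R=lookuphost T=remote_smtp H=mx.other.example [192.0.2.20]
2011-05-02 10:06:00 1QGghi-0001Y0-4D <= <> H=mx.peer.example [203.0.113.5] P=esmtp S=700
2011-05-02 10:06:01 1QGghi-0001Y0-4D => bob <bob@local.example> R=localuser T=local_delivery
"""

# date, time, message id, then an arrival (<=) or delivery (=>, ->) flag.
LINE = re.compile(r"^\S+ \S+ (?P<id>\S+) (?P<flag><=|=>|->) (?P<rest>.+)$")

def null_sender_remote(log_text):
    """Return null-sender messages that were delivered to a remote host."""
    arrivals = {}               # message id -> fields of its "<= <>" line
    remote = defaultdict(list)  # message id -> recipients delivered with H=
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue            # "**", "==", "Completed" and other lines
        fields = m["rest"].split()
        kv = dict(f.split("=", 1) for f in fields[1:] if "=" in f)
        if m["flag"] == "<=":
            if fields[0] == "<>":
                arrivals[m["id"]] = kv
        elif "H" in kv:         # assumption: only remote deliveries log H=
            remote[m["id"]].append(fields[0])
    report = []
    for mid, kv in arrivals.items():
        if mid not in remote:
            continue            # null sender, but delivered locally
        # On "<=" lines R= names the message this bounce was generated for.
        kind = "bounce" if "R" in kv else "other null-sender mail"
        report.append({"id": mid, "kind": kind, "bounce_of": kv.get("R"),
                       "protocol": kv.get("P"), "recipients": remote[mid]})
    return report

if __name__ == "__main__":
    for row in null_sender_remote(SAMPLE_LOG):
        print(row)
```

For a row of kind "bounce", look up the `bounce_of` message id in the same log to see which recipient was accepted at SMTP time and then failed at delivery.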