On 09/07/2010 06:57 PM, mouss wrote:
Le 07/09/2010 16:17, Noel Jones a écrit :
On 9/7/2010 2:32 AM, Jan-Frode Myklebust wrote:
On Mon, Sep 06, 2010 at 06:29:28PM -0500, Noel Jones wrote:
I fail to see how controlling your users From: addresses will affect
a backscatterer.org listing.
I'm thinking we can accept sending some backscatter to our own
customers, at least as long as it's authenticated backscatter and we
can
stop the abuser. We just want to avoid sending backscatter out of our
networks.
That's crazy talk.
Do you have any other suggestions/pointers to what the real problem is?
Don't accept mail you don't intend to deliver, and don't annoy other
sysadmins or remote users. Specifically:
- reject unknown recipients for your local/virtual/relay domains
during the SMTP transaction. Do not accept everything and later
bounce the undeliverables.
- If you do spam and/or virus filtering, either do the filtering
pre-queue so you can reject unwanted mail during SMTP, or accept+tag
or quarantine unwanted mail. Never bounce unwanted mail back to the
reported (forged) sender address.
- Do not use the postfix "reject_unverified_sender" setting unless
you are a very low volume site or you make arrangements to severely
limit the scope of addresses that are verified. Many sysadmins view
verification probes as abusive -- it can appear to be a dictionary
attack.
OP is an ISP providing outbound relay to residential users. his
problem is not easy to solve.
Residential users don't often have their own mail servers/domains.
Limiting these to sending with their true ISP address is fairly common.
(And just about the only sane way to implement this kind of relay)
J.