Hi Michael,
> We are having issues with spammers sending thousands of emails to > non-existent users on our hosted domains and our BX server then bouncing them > as "554 5.5.1 Error: no valid recipients" and our IP consequently getting > blacklisted for backscatter. > > Microsoft hate us now – Hotmail etc. and block all email from our subnet! :-/ > > 5210R > > Is there any practical way to stop “no valid recipient” email being sent out > from the server? Let us take a look at the source of the problem: A SPAM-sender connects from a dial-up IP or botnet or a hacked server to your MTA and claims to be someone he isn't. Like whate...@hotmail.com <mailto:whate...@hotmail.com>. And he then tries to send email to a non-existing user on your end. This can cause backscatter, as the non-delivery-notice is delivered to the claimed (but faked) whate...@hotmail.com <mailto:whate...@hotmail.com> sender address. Exactly ... For legitimate emails you want non-delivery-notice to inform a legitimate sender that he's not getting through. How to defeat backscatter in case of faked sender addresses? Here are three recommendations: 1.) Switch to Postfix in the GUI This has stricter sender verification checks. Will do. 2.) Enable and configure SPF and switch it to "Sign & Verify" mode This checks the SPF records of sender domains and if the senders IP is not within the SPF records published by say hotmail.com, then the email will be rejected at the MTA w/o bounce and NDN. Sounds right. Hadn’t thought of this. To really prevent any bounces ever to leave your server and go somewhere you don't want them to go to? This can be done via Postfix. Edit /usr/sausalito/bin/custom-postfix-confgen.sh and at the bottom add these lines: postconf -e 'bounce_notice_recipient = <your_email_address>' postconf -e '2bounce_notice_recipient = <your_email_address>' Be sure to change <your_email_address> to a valid email address which you want all bounces to go to. Then restart Postfix and you should be good to go: systemctl restart postfix This sounds spot on. Good advice as usual! Many thanks Colin
_______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx