Home page logo
/

basics logo Security Basics mailing list archives

RE: Sorbs.net DNS Blacklist
From: "Jason Williams" <jwilliams () courtesymortgage com>
Date: Tue, 14 Mar 2006 09:59:17 -0800

 

The "proper" way to deal with this is to reject during the smtp
conversation, that way your mailserver will not generate the bounce
message and get stuck >in a blacklist.

<http://spamlinks.net/prevent-secure-backscatter.htm>


Very interesting. I did not know the ramifications that can occur from
backscatter. I appreciate the link.


Backscatter is bad, I hope you can find a way to fix your problem The
link explains it better than I can


Let me explain what I did, to make sure I don't contribute to the
problem.

I run a mailgateway, with Postfix, MailScanner and a couple of virus
scanners, plus spamassasin and other goodies.

I wrote a perl script that basically queries my domain controller and
pulls a list of legit employees who have email addresses. It updates the
file as needed (similar to what is posted above, but my setup is a
little different, so I needed to adjust it accordingly.) After that,
postmap the file, reload postfix, wallla. (Cron job runs nightly)

So as of 9:00am PST time, I have a relay_recipient list with only valid
users to accept email for. Anything that comes in with a non-legit email
address, gets rejected with a message explaining that the user is not a
valid email user.

Is that the correct way to do this? Any other caveats I should be aware
of?

Thanks



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]