Security Basics mailing list archives

Re: Sorbs.net DNS Blacklist
From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Wed, 15 Mar 2006 12:57:28 +0530

On 14/03/06 09:59 -0800, Jason Williams wrote:

The "proper" way to deal with this is to reject during the smtp
conversation, that way your mailserver will not generate the bounce
message and get stuck in a blacklist.


Very interesting. I did not know the ramifications that can occur from
backscatter. I appreciate the link.

The volume of backscatter is high enough to be a DoS attack. I work for
a fairly large email service provider, and we face this daily.

Backscatter is bad, I hope you can find a way to fix your problem. The
link explains it better than I can.

Let me explain what I did, to make sure I don't contribute to the

I run a mailgateway, with Postfix, MailScanner and a couple of virus
scanners, plus SpamAssassin and other goodies.

Note that MailScanner is officially unsupported with Postfix. Use
amavisd-new instead.

I wrote a Perl script that basically queries my domain controller and
pulls a list of legit employees who have email addresses. It updates the
file as needed (similar to what is posted above, but my setup is a
little different, so I needed to adjust it accordingly.) After that,
postmap the file, reload postfix, voilà. (Cron job runs nightly)

So as of 9:00am PST time, I have a relay_recipient list with only valid
users to accept email for. Anything that comes in with a non-legit email
address, gets rejected with a message explaining that the user is not a
valid email user.

Is that the correct way to do this? Any other caveats I should be aware

This is the right way to do it. If you ever need a realtime list, look
at the reject_unverified_recipient parameter in

Devdas Bhagat
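
The nightly rebuild described in this message, as an added example that is not code from the thread (the poster's script was Perl and was not posted). The function names, the `max_shrink` threshold, the file name `relay_recipients` and the `example.com` sample addresses are assumptions made for illustration.

```python
import os
import re
import tempfile

# Conservative address syntax check; anything else is skipped, not guessed at.
ADDR_RE = re.compile(r"^[a-z0-9._+-]+@[a-z0-9.-]+\.[a-z]{2,}$")

def build_table(addresses, relay_domains):
    """Return sorted Postfix lookup-table lines ("addr OK") for valid addresses."""
    domains = {d.lower() for d in relay_domains}
    keep = set()
    for raw in addresses:
        addr = raw.strip().lower()
        if ADDR_RE.match(addr) and addr.split("@", 1)[1] in domains:
            keep.add(addr)
    return [f"{a} OK" for a in sorted(keep)]

def publish(lines, path, max_shrink=0.5):
    """Atomically replace `path`; refuse if the list is empty or shrank sharply.

    A failed directory query must not publish an empty map: Postfix would
    then reject every recipient for the relayed domains.
    """
    old = 0
    if os.path.exists(path):
        with open(path) as f:
            old = sum(1 for line in f if line.strip() and not line.startswith("#"))
    if not lines or len(lines) < old * max_shrink:
        return False
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as f:
        f.write("\n".join(lines) + "\n")
    os.chmod(tmp, 0o644)   # mkstemp creates 0600; the mail system must read it
    os.replace(tmp, path)  # rename is atomic on the same filesystem
    return True

if __name__ == "__main__":
    # Constructed sample export; a real run would read the directory query output.
    sample = ["Alice@Example.com", "bob@example.com ", "eve@other.test", "not-an-address"]
    table = build_table(sample, ["example.com"])
    if publish(table, "relay_recipients"):
        print("updated; now run: postmap relay_recipients && postfix reload")
    else:
        print("refused to publish: list empty or shrank too much")
```

Only when `publish` returns true should the cron job go on to `postmap` the file and reload Postfix; a refusal leaves the previous night's list in place.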
