http://www.backscatterer.org

General eFa discussion
Post Reply
nicola.piazzi
Posts: 282
Joined: 23 Apr 2015 09:45

http://www.backscatterer.org

Post by nicola.piazzi » 04 Jul 2019 15:00

My mailserver ip is blacklisted by this site,
They ask me money for immediate delisting and there is no way to contact them

I have efa configured to accept our domain only and it check in ldap for recipent at smtp level
when is not present it give reject immediately and have no bounces

I watch log at time they specified and there is no messages outgoing

what do you think about this site ?

Cattura.PNG
Cattura.PNG (43.29 KiB) Viewed 1620 times

henk
Posts: 387
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: http://www.backscatterer.org

Post by henk » 04 Jul 2019 17:47

Hi Nicola,

Check again ;) https://mxtoolbox.com/SuperTool.aspx?ac ... n=toolpage
or https://www.dnsbl.info/dnsbl-database-check.php

Are you sure Efa is the only system that can send outbound -NDR-mail?
To be sure add some firewall smtp / smtp ports rules on mail traffic and activate logging on these rules.

nicola.piazzi
Posts: 282
Joined: 23 Apr 2015 09:45

Re: http://www.backscatterer.org

Post by nicola.piazzi » 05 Jul 2019 07:11

Hi henk
only efa can send mail using that ip address, it have its dedicate ip with nat 1 to 1

User avatar
shawniverson
Posts: 2827
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA
Contact:

Re: http://www.backscatterer.org

Post by shawniverson » 06 Jul 2019 14:36

Be sure to check that the ip range that eFa is not sending out bad smtp traffic as well, and make sure Notify Senders is off in MailScanner or set to only notify on your local domains with a ruleset.
Version eFa 4.0.0 RC3 now available in testing repo. Come join us in advancing eFa!

nicola.piazzi
Posts: 282
Joined: 23 Apr 2015 09:45

Re: http://www.backscatterer.org SOLVED

Post by nicola.piazzi » 09 Jul 2019 14:40

Hi Shawn & henk
I found problem

efa query ldap and reject at conversation level so is impossible that it accept for other domains

impossible ? yes but ldap query returns also AD contacts recipients !!!

So if you have some contacts defined in ad that have other domains ldap query consider it valid
and it they bounces is a backscatter

so is not a good thing
I think that is needed a directive in ldap_relay_recipient_maps.cf to filter contacts

or can be done adding domain to this filter

query_filter = (|(proxyAddresses=smtp:%s) (proxyAddresses=SMTP:%s))

nicola.piazzi
Posts: 282
Joined: 23 Apr 2015 09:45

PRECISATION

Post by nicola.piazzi » 10 Jul 2019 07:58

Hi
When i create an AD CONTACT there is a creation rule that create also an address with principal domain

4 example suppose that i need to crete a contact named John Red that belong to motoroil.com

I create a contact that have
SMTP:john.red@motoroil.com
But Exchange rule add also
smtp:john.red@mycompany.it

When someone send a message to john.red@mycompany.it Postfix accept it because mycompany.it is principal domain then Exchange try to send this email to principal john.red@motoroil.com

motoroil.com reject this mail as spam and then Exchange generate an NDR directed to the sender that is a spoofed sender and backscatterer mark me

Problem is that Exchange create by default a duplicate of each contact that have same name but master domain

Post Reply