Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - How to prevent Backscatter in ISP Spamfilter
  FAQ FAQ  Forum Search   Register Register  Login Login

How to prevent Backscatter in ISP Spamfilter

 Post Reply Post Reply
Author
morten44 View Drop Down
Groupie
Groupie


Joined: 07 March 2008
Status: Offline
Points: 74
Post Options Post Options   Thanks (0) Thanks(0)   Quote morten44 Quote  Post ReplyReply Direct Link To This Post Topic: How to prevent Backscatter in ISP Spamfilter
    Posted: 27 May 2010 at 6:02pm

Hi Roberto

Thanks for your very well and detailed explenation as always :)
 
Regards
Morten
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 25 May 2010 at 2:30pm
Morten,

The new behavior is standard on this new release, there is nothing that needs to be enabled. Please note however that there may be other reasons why someone may get blacklisted, often caused by viruses within a network that may be sending huge amounts of spam to the internet. Usually the sites that blacklist you are able to provide you with details on the "why" the IP/subnet was blocked, which would then pinpoint the problem.

For the Imail question, if your user sends an email to a non-existent user, the bounce back would usually go back to your user, however the remote server would detect the incoming email to the non-existent user. If these are isolated email attempts it wouldn't be a problem, but if the user is infected/spamming and is sending out a lot of emails, then yes, this would be an issue.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
morten44 View Drop Down
Groupie
Groupie


Joined: 07 March 2008
Status: Offline
Points: 74
Post Options Post Options   Thanks (0) Thanks(0)   Quote morten44 Quote  Post ReplyReply Direct Link To This Post Posted: 21 May 2010 at 6:02pm
Hi
Thanks for the answer.
 
I think the first option to make a list of all valid emails is not a good option, as we have about 100 domains and each of them can create their own addresses. It would be hard to maintain.
 
About the newest version: 4.2.4.830 we have installed some weeks ago.
However we got blacklisted 3 days ago.
 
By Standard we are using very minimal filtering.
We basically only use the MAPS servers as filter and that has generally worked OK.
We started to get alot of spam from local so we added some more filters but the day after we got bloked. I assume tha its a coinsident that the blocking happened after also applying SFDB on nr4.
 
In this new version, Is it by default that it should work that way?
 
Another potential problem
We have ISP listening on port 25 and forwards to Imail Server port 2225.
 
When our users sends mail out they set port 2225 in outlook and send directly from Imail SMTP and it does not pass ISP when sending.
 
Is there a chance that ISP is working as it should, and the problem is that its Imail who when address is not found, sends a postmaster mail to sender?
 
Regards
Morten
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 21 May 2010 at 10:20am
Morten,

When SpamFilter receives an email that passes all filtering rules, it forwards it to your destination SMTP server. If that user does not exist, or if their mailbox is full for example, your SMTP server will reject the email attempt. At that point, SpamFilter has to notify the sender that the email was not delivered, and this is (was) done by sending a NDR (non-deliverable report) email back to the sender. If you send out too many of these NDRs, then yes, that may cause the SpamFilter server to be blacklisted. This scenario can be greatly reduced by implementing a "Authorized TO" whitelist, which contains a list of valid email addresses on your mail server. SpamFilter will only accept emails to addresses on that list, which practically eliminates the backscatter issue, and has the great benefit of reducing spam, as spammers who attempt to "guess" valid email addresses will be blocked by SpamFilter's blacklist cache.

This said... a few weeks ago we released a new version of SpamFilter (v4.2.4.830) which completely changes how SpamFilter processes emails. In particular, this feature is exactly what you're looking for:

/ New to VersionNumber = '4.2.4.830';
{TODO -cNew To avoid backscatter, if an incoming email passes all filtering rules, but cannot be forwarded (ex. mailbox full, non-existent user), SpamFilter maintains open the incoming remote connection until it can verify with the destination server that the email can be delivered. If not, a 5xx error is output forcing the remote server to generate the NDR, rather than having SpamFilter send an NDR notification email}

Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
jerbo128 View Drop Down
Senior Member
Senior Member
Avatar

Joined: 06 March 2006
Status: Offline
Points: 178
Post Options Post Options   Thanks (0) Thanks(0)   Quote jerbo128 Quote  Post ReplyReply Direct Link To This Post Posted: 20 May 2010 at 10:22pm
Morten,
we once used imail 822 also and it's failure to use was the backscatter. Spamfilter for the most part does not backscatter. But Imail 822 has many vulnerabilities and we found it to difficult to plug them all.  My advice, find a new mail server.
Back to Top
morten44 View Drop Down
Groupie
Groupie


Joined: 07 March 2008
Status: Offline
Points: 74
Post Options Post Options   Thanks (0) Thanks(0)   Quote morten44 Quote  Post ReplyReply Direct Link To This Post Posted: 20 May 2010 at 11:40am
Hi.
We have an issue with our mail server. We sometimes get blocked on
Backscatterer.org
We have ISP Spamfilter infront of Imail 8.22 server
 
If I understand correct, we get blocked because we "bouce" delivery failed mail back to sender that sometime is not the real sender. Therefore its taken as spam.
 
I understand we have to configure the system, only to "bounce" delivery failed messages back to LOCAL users, not external users.
 
So my question is;
Is this something we need to setup in ISP spamfilter or is it in the Imail Server?
we are using ISP for all incomming mails. we do not use ISP Spamfilter to validate any outgoing smtp.
 
Our IMAIL Smtp is using "no relay" and "smtp authentcation"
 
can you give me any idea if I can add settings in ISP spamfilter to prevent this and if yes, what.
Or will it be a Imail Configuration setting
 
regards
Morten
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.059 seconds.